1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Wi-Fi routers are being hit by a dangerous new Android malware wi

    From TechnologyDaily@1337:1/100 to All on Fri Jan 20 20:30:03 2023
    Wi-Fi routers are being hit by a dangerous new Android malware with extra DNS hacks

    Date:
    Fri, 20 Jan 2023 20:13:18 +0000

    Description:
    With the DNS changed, victims are redirected to malicious pages where their login credentials might get stolen.

    FULL STORY ======================================================================

    A new Android app has been found tricking unsuspecting users (even those with clean devices) into visiting malicious versions of popular websites, where they might end up giving away their login credentials, or even worse - money.

    The findings come courtesy of Kaspersky, which found a malicious Android app carrying the Wroba.o/Agent.eq (a.k.a Moqhao, XLoader) malware was being distributed.

    When the app is downloaded, it will try to connect to the Wi-Fi route r the mobile device is connected to. To do that, it will try the most usual username/password combinations, as well as those known to come with factory settings (such as admin/admin). Should it succeed, it will change the DNS server to a malicious one the threat actor has control over. Roaming Mantis

    That allows the malwares operators to redirect all users connected to that specific Wi-Fi network, including those without the malware, to malicious versions of popular websites.

    For example, if a compromised endpoint connects to a public Wi-Fi in a busy cafe, and ends up changing the DNS server settings in the router, everyone else in that cafe that tries to connect to Facebook will actually be redirected to a fake Facebook page. There, theyll be asked to provide their login information and if they do, theyll end up giving away their login credentials to the crooks. Read more

    Globe-trotting Roaming Mantis malware is hitting Android and iOS users
    alike


    Your Wi-Fi router could spy exactly where you are in a room


    Check out the best endpoint protection services right now

    The researchers did not name the apps being distributed, but did say that the APKs were downloaded at least 46,000 times across Japan, Austria, France, Germany, South Korea, Turkey, Malaysia, and India. With more than 24,000 downloads, Japan is by far the most affected country.

    The group behind the apps is allegedly Roaming Mantis. To protect against
    this type of attack, the best course of action would be to avoid connecting
    to important accounts on public Wi-Fi networks. Check out the best firewalls

    Via: ArsTechnica



    ======================================================================
    Link to news story: https://www.techradar.com/news/wi-fi-routers-are-being-hit-by-a-dangerous-new- android-malware-with-extra-dns-hacks


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)