With the DNS changed, users are redirected to malicious pages


A new Android app has been found tricking unsuspecting users (even those with clean devices) into visiting malicious versions of popular websites, where they might end up giving away their login credentials, or even worse – money. 

The findings come courtesy of Kaspersky, which found that a malicious Android app carrying the Wroba.o/Agent.eq (a.k.a. Moqhao, XLoader) malware was being distributed.

When the app is downloaded, it will try to connect to the Wi-Fi router the mobile device is connected to. To do that, it will try the most common username/password combinations, as well as those known to come with factory settings (such as admin/admin). Should it succeed, it will change the DNS server to a malicious one the threat actor has control over.

Roaming Mantis

That allows the malware’s operators to redirect all users connected to that specific Wi-Fi network, including those without the malware, to malicious versions of popular websites. 

For example, if a compromised endpoint connects to a public Wi-Fi network in a busy cafe, and ends up changing the DNS server settings in the router, everyone else in that cafe who tries to connect to Facebook will actually be redirected to a fake Facebook page. There, they’ll be asked to provide their login information and if they do, they’ll end up giving away their login credentials to the crooks.
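A defender-side check for the DNS change described above, as an added example that is not part of the original article: it flags resolvers that differ from a recorded known-good baseline and domains whose answers share no address with a trusted lookup. The baseline, LAN range, addresses (documentation ranges) and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real indicators).
BASELINE = {"192.168.1.1"}  # resolvers recorded when the network was known-good
LAN = "192.168.1.0/24"      # assumed local subnet
SAMPLE_RESOLV_CONF = """\
# handed out by DHCP after the router's DNS setting was altered
nameserver 203.0.113.53
nameserver 192.168.1.1
nameserver not-an-ip
"""
LOCAL_ANSWERS = {"example.com": ["198.51.100.7"], "example.org": ["192.0.2.10"]}
TRUSTED_ANSWERS = {"example.com": ["192.0.2.20"],
                   "example.org": ["192.0.2.10", "192.0.2.11"]}


def parse_nameservers(text):
    """Return the valid nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(fields[1])))
            except ValueError:
                continue  # skip malformed entries instead of failing the audit
    return servers


def audit_resolvers(servers, baseline, lan):
    """Return (server, reason) for every resolver missing from the baseline."""
    net = ipaddress.ip_network(lan)
    findings = []
    for server in servers:
        if server in baseline:
            continue
        on_lan = ipaddress.ip_address(server) in net
        reason = "new resolver on the LAN" if on_lan else "new off-LAN resolver"
        findings.append((server, reason))
    return findings


def diverging_answers(local, trusted):
    """Domains whose local answers share no address with the trusted lookup."""
    return sorted(d for d, ips in local.items()
                  if d in trusted and not set(ips) & set(trusted[d]))


if __name__ == "__main__":
    print(audit_resolvers(parse_nameservers(SAMPLE_RESOLV_CONF), BASELINE, LAN))
    print(diverging_answers(LOCAL_ANSWERS, TRUSTED_ANSWERS))
```

CDNs legitimately return different addresses to different resolvers, so a divergence is a lead to verify (for example against the site's TLS certificate), not proof of hijacking.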


The researchers did not name the apps being distributed, but did say that the APKs were downloaded at least 46,000 times across Japan, Austria, France, Germany, South Korea, Turkey, Malaysia, and India. With more than 24,000 downloads, Japan is by far the most affected country.

The group behind the apps is allegedly Roaming Mantis. To protect against this type of attack, the best course of action would be to avoid logging in to important accounts on public Wi-Fi networks.

Via: ArsTechnica


    Sead Fadilpašić

    Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
