Kaspersky Research has found a new Android malware. This malware is distributed through domain name system (DNS) hijacking techniques that make smartphones a target in much of Asia.
Called Roaming Mantis, this malware works actively and is designed to steal user information and take over the victim's Android device.
"Mantis roaming is an active and rapidly expanding threat, so we are removing these findings now rather than waiting for us to get all the answers.There is a certain motivation for this attack so we feel the need to notify organizations and individuals of this threat, said Suguru Ishimaru, Security Researcher of Kaspersky Lab Japan in his statement on Monday (23/4).
According to him, this threat of using a compromised router and hijacked DNS shows the need for strong device protection and secure connection usage. Based on his research, between February and April 2018, it detected the spread of malware in more than 150 networks located mostly in South Korea, Bangladesh, and Japan. But the target is probably more than that.
"This case was first reported by the Japanese media, which after we did more in-depth research, it was found that these references did not originate there.In fact, we found some indication that behind this attack there were Chinese or Korean speaking actors.Furthermore, the victims are not just located in Japan, Roaming Mantis, which seems to focus on Korea and Japan, may have a bigger impact, "said Vitaly Kamluk, Director of the Global Research Analysis Team (GREAT) APAC.
Findings from Kaspersky Lab indicate that the attacker behind the malware is looking for a router with a security hole, and then distributing malware through a simple but effective trick by hijacking DNS from the attacked router.
How the method of attacking the router is still unknown. Once the DNS is successfully hijacked, any attempt to access any website is directed to a URL that looks like the original with fake content coming from the attacker server.
Users will find the request: "To better experience the browsing, update to the latest chrome version." Click on the link will trigger the installation of Trojan application with the name 'facebook apk' or 'chrome apk' which becomes backdoor Android attacker.
Kaspersky Lab found 150 targets, further analysis also showed thousands of connections to the attack server on a daily basis, indicating the possibility of a larger attack.
The Roaming Mantis malware design shows the possibility to be distributed more widely in the Asian region. Among them support four languages: Korean, Simplified Chinese, Japanese, and English. While the perpetrators mostly use simple Korean and Chinese.
thanks has seen my posting setandar friends steemit, upvote dan ikutithanks have seen posts setandar my friends steemit, upvote and follow taufik05.
