The threat actor known as Roaming Mantis has implemented a DNS changer to infiltrate Wi-Fi routers and carry out DNS hijacking.
Back in 2018, Kaspersky first saw this actor's activities targeting Asian countries, including Japan, South Korea and Taiwan. At that time, the criminals compromised Wi-Fi routers for use in DNS hijacking.
Roaming Mantis is a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal data. It was found to be active throughout 2022 and, in the last few months, it has upgraded its tools and tactics.
Sources:
https://community.riskiq.com/article/b0acb462/description
https://securelist.com/roaming-mantis-dns-changer-in-malicious-mobile-app/108464/
https://www.infosecurity-magazine.com/news/roaming-mantis-adds-dns-changer/
https://cyware.com/news/roaming-mantis-new-dns-changer-function-to-target-public-routers-33667a99

