Android malware targets routers to spread over Wi-Fi

The Roaming Mantis malware distribution campaign has updated its Android malware to include a new technique, a DNS changer, which modifies the DNS settings on vulnerable WiFi routers to spread the infection to other devices. This new version of the XLoader Android malware detects vulnerable WiFi routers based on their model and changes their DNS settings. This allows the malware to create an HTTP request to hijack a vulnerable WiFi router's DNS settings, causing connected devices to be rerouted to …

android android malware campaign devices distribution dns dns changer hijack http infection malware malware distribution mantis request roaming mantis router routers settings version vulnerable wi-fi wifi xloader