all InfoSec news
Roaming Mantis implements new DNS changer in its malicious mobile app in 2022
Malware Analysis, News and Indicators - Latest topics malware.news
Roaming Mantis (a.k.a Shaoye) is well-known as a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal device information; it also uses phishing pages to steal user credentials, with a strong financial motivation.
Kaspersky has been investigating the actor’s activity throughout 2022, and we observed a DNS changer function used for getting into Wi-Fi routers and undertaking DNS hijacking. This was newly implemented in the known Android malware Wroba.o/Agent.eq (a.k.a Moqhao, XLoader), …
actor android android devices apk app campaign control credentials cyberattack device devices dns dns changer dns hijacking files financial function hijacking information kaspersky malicious mantis mobile mobile app motivation package phishing roaming mantis routers steal well-known wi-fi