A new Android app has been found tricking unsuspecting users (even those with clean devices) into visiting malicious versions of popular websites, where they might end up giving away their login credentials, or even worse – money.
The findings come courtesy of Kaspersky, which found a malicious Android app carrying the Wroba.o/Agent.eq (a.k.a Moqhao, XLoader) malware was being distributed.
When the app is downloaded, it will try to connect to the Wi-Fi router the mobile device is connected to. To do that, it will try the most usual username/password combinations, as well as those known to come with factory settings (such as admin/admin). Should it succeed, it will change the DNS server to a malicious one the threat actor has control over.
Roaming Mantis
That allows the malware’s operators to redirect all users connected to that specific Wi-Fi network, including those without the malware, to malicious versions of popular websites.
For example, if a compromised endpoint connects to a public Wi-Fi in a busy cafe, and ends up changing the DNS server settings in the router, everyone else in that cafe that tries to connect to Facebook will actually be redirected to a fake Facebook page. There, they’ll be asked to provide their login information and if they do, they’ll end up giving away their login credentials to the crooks.
The researchers did not name the apps being distributed, but did say that the APKs were downloaded at least 46,000 times across Japan, Austria, France, Germany, South Korea, Turkey, Malaysia, and India. With more than 24,000 downloads, Japan is by far the most affected country.
The group behind the apps is allegedly Roaming Mantis. To protect against this type of attack, the best course of action would be to avoid connecting to important accounts on public Wi-Fi networks.
- Check out the best firewalls (opens in new tab)
Via: ArsTechnica (opens in new tab)
Note: This article have been indexed to our site. We do not claim legitimacy, ownership or copyright of any of the content above. To see the article at original source Click Here
Turmeric Kojic Acid Cleansing Pads - Turmeric Face Scrub Pads with Vitamin C (30 pads), Kojic Acid and Turmeric Cleansing Pads for…
$34.99 (as of February 4, 2025 19:26 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Handmade Custom Bag Charm for women - Purse Charm - Personalized Letter Name Keychain with Heart Clasp - Baby Diaper Backpack Tag
$13.99 (as of February 4, 2025 19:31 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
EBOSSOM Car Vacuum V6 Pro, Cordless Handheld Vacuum with 8000Pa Suction, Portable Vacuum for Car, 4 in 1 Mini Vacuum…
$29.99 (as of February 4, 2025 19:26 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Nevermind
$29.99 (as of February 4, 2025 19:31 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
