Roaming Mantis Malware Evolution: New DNS Changer Function Targets Public Routers and Poses a Serious Threat to Individuals and Organizations
Roaming Mantis is a well-known mobile malware that has been used to steal sensitive information from victims. Recently, a new version of the malware has been discovered with a new DNS changer function that allows it to target public routers.
According to security researchers, the new version of Roaming Mantis is being distributed through phishing emails and malicious websites that masquerade as legitimate sites. The malware then infects the device and changes the DNS settings of the public router, redirecting victims to phishing sites or malicious domains.
The new DNS changer function in Roaming Mantis is particularly concerning as it allows the malware to target a wider range of victims. Public routers, such as those found in hotels, airports, and coffee shops, are often poorly secured and can be easily compromised. This allows the attackers to redirect victims to phishing sites or malicious domains, where they can steal sensitive information, such as login credentials and financial data.
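A defender-side check for the DNS tampering described above, as an added example that is not part of the original article: it flags configured resolvers that are not on an allowlist, and names whose local answers disagree with a trusted resolver. The allowlist, addresses, domain names and function names are all constructed assumptions.

```python
import ipaddress

# Assumption: the resolvers clients on this network are supposed to use (constructed values).
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

# Constructed sample: resolv.conf content after joining a network whose router was tampered with.
SAMPLE_RESOLV_CONF = """# pushed by DHCP
nameserver 192.0.2.53
nameserver 203.0.113.66  # not on the allowlist
nameserver not-an-ip
search lan
"""

# Constructed sample answers (A records) from a trusted reference resolver and the local one.
TRUSTED = {"login.bank.example": ["198.51.100.10"],
           "mail.example": ["198.51.100.20", "198.51.100.21"]}
LOCAL = {"login.bank.example": ["203.0.113.80"],
         "mail.example": ["198.51.100.21"]}

def parse_nameservers(resolv_conf):
    """Return the valid nameserver IPs in resolv.conf-style text."""
    servers = []
    for line in resolv_conf.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue  # malformed entry: skip it instead of crashing
    return servers

def unexpected_resolvers(resolv_conf, expected=EXPECTED_RESOLVERS):
    """Configured resolvers that are not on the allowlist."""
    return [s for s in parse_nameservers(resolv_conf) if s not in expected]

def hijacked_names(local, trusted):
    """Names whose local answer shares no address with the trusted answer.
    Use names with stable records; CDN-hosted names legitimately vary per resolver."""
    flagged = []
    for name, good in trusted.items():
        got = local.get(name)
        if got is not None and not set(got) & set(good):
            flagged.append(name)
    return sorted(flagged)

if __name__ == "__main__":
    print("unexpected resolvers:", unexpected_resolvers(SAMPLE_RESOLV_CONF))
    print("suspicious answers:", hijacked_names(LOCAL, TRUSTED))
```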
Another concerning aspect of the new Roaming Mantis is its ability to evade detection by using a domain generation algorithm (DGA). A DGA is a technique used by malware to generate a large number of domain names for command-and-control (C2) communications, which makes it harder for security solutions to detect and block the malicious traffic.
Individuals and organizations should take steps to protect themselves from Roaming Mantis and other malware. This includes implementing security best practices such as using strong and unique passwords, avoiding clicking on suspicious links or attachments, and keeping software updated. It is also recommended to use advanced security solutions such as antivirus software and firewalls to detect and prevent malware infections.
In conclusion, Roaming Mantis is a well-known mobile malware that has been updated with a new DNS changer function that allows it to target public routers. This new function allows the malware to target a wider range of victims and steal sensitive information. It is important for individuals and organizations to be aware of this threat and take steps to protect themselves.
