Roaming Mantis is not new malware; it has been known for years, and it has now returned to its old ways. Security experts have verified that its operators have released a new variant of this virus, under the name of Wroba, which is capable of infecting WiFi routers and hijacking the DNS settings of computers. And all of this happens through Android phones.
The Danger of the Roaming Mantis Virus
As we said, this is not new malware. The problem is that Kaspersky has discovered a new, updated version, called Wroba, which puts WiFi routers at risk. It does so by using Android mobile devices that connect to WiFi routers to rewrite the routers' DNS settings and leave them vulnerable. In this way the attackers achieve their goal, which is to spread the malware to other devices without difficulty.
In its early days, back in 2018, this malware was found to target users living in various Asian countries, such as Japan, South Korea or Taiwan. However, in the middle of 2022 it managed to enter France and Germany after succeeding in camouflaging itself completely as the Google Chrome web browser app.
For this very reason, since September of last year, Kaspersky researchers have studied Wroba in depth, discovering that this version of the Roaming Mantis malware is capable of changing the DNS settings. This type of attack catches users by surprise by redirecting them to fake web pages or alternative content using the well-known DNS hijacking technique. It has generally been used to steal private data from victims, such as bank accounts.
The new Wroba variant
With this latest update, the security of WiFi routers is put at risk. It all depends on the Android device that connects to the wireless network. This is because “the new DNS changer functionality can manage all device communications that use the compromised WiFi router, such as redirecting to malicious hosts and disabling security product updates,” as confirmed by Kaspersky. This makes it possible to redirect users to pages that are under the control of the cybercriminal.
For example, any Android device infected with this malware, when connected to a public WiFi network or to one in another home, is capable of spreading the virus to the rest of the devices connected to the same wireless network. In addition, it can steal bank details or collect personal information that victims keep on the smartphone. This attack has manifested itself in Austria, France, Germany, India, Japan, Malaysia, Taiwan, Turkey and the US through smishing.