A new malware affecting Android and iOS devices through routers

New kinds of malware make the news almost regularly. Kaspersky Lab has now identified another one. It is a smart new piece of malware that is difficult to detect and to get rid of. It affects smartphones, especially Android and iOS ones, through compromised routers. So if you are reading this article over a Wi-Fi network, beware.


The malware is named Roaming Mantis, and it has affected users in several countries: India, Bangladesh, China, Japan, and Korea. Yes, it has affected a number of Asian countries. Almost 150 users, to be more precise, according to Kaspersky Lab. The malware has also added support for 25+ languages, including Bengali and Hindi, with the aim of affecting more users.

The way this malware works is different from other kinds of malware, so it is sometimes very difficult to tell whether a user is actually a victim of it or not. It gets access to a smartphone through the router. Then it starts showing genuine-looking fake websites that seem to be completely real. This is accomplished with the help of DNS hijacking.

DNS hijacking is a technique that tampers with name resolution so that the browser thinks it has visited the actual website when it has really been sent to a different IP address. Once the user visits the fake website, the user is offered a download of a newer version of Chrome. This is actually the burglar in disguise. It comes with the usual-looking name Chrome.apk. After it is downloaded and installed, the app asks for numerous permissions: permission to make calls, to send and receive text messages, to record voice, and many more.

Then the app asks the user to log in to the Google account once again. The user enters the username and password, which are intercepted at that point. In the end, the user is also asked to enter their name and date of birth, which gives the attackers more information about the user.

On iOS devices, though, it runs the Coinhive cryptocurrency script. But the key to this malware is DNS hijacking.
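One way to check for the DNS hijacking described above, as an added example that is not part of the original article: ask the router-assigned resolver and a resolver you trust for the same hostnames, then flag answers only the router's resolver gave. The function names and the two heuristics (a private address for a public site, one unexpected IP shared by unrelated sites) are assumptions of this example.

```python
import ipaddress, socket, struct
from collections import defaultdict
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_query(name):
    """DNS query for the A record of `name`, recursion desired."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def skip_name(msg, pos):
    """Offset just past the name at `pos` (a compression pointer ends it)."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)

def parse_a_records(msg):
    """IPv4 addresses found in the answer section of a DNS response."""
    qdcount, ancount = struct.unpack(">HH", msg[4:8])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4              # QTYPE + QCLASS
    ips = set()
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        if rtype == 1 and rdlen == 4:              # A record
            ips.add(socket.inet_ntoa(msg[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return ips

def resolve_via(name, resolver_ip, timeout=3.0):
    """Ask one specific resolver over UDP port 53 (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver_ip, 53))
        return parse_a_records(s.recv(4096))

def find_suspects(local, reference):
    """Both args map hostname -> set of IPs. Returns {hostname: reason}."""
    hosts_by_ip = defaultdict(set)
    for host, ips in local.items():
        for ip in ips - reference.get(host, set()):   # answers the trusted resolver never gave
            hosts_by_ip[ip].add(host)
    suspects = {}
    for ip, hosts in hosts_by_ip.items():
        private = any(ipaddress.ip_address(ip) in net for net in RFC1918)
        if private or len(hosts) > 1:                 # a lone mismatch is normal for CDNs
            reason = "private address" if private else "shared by unrelated sites"
            suspects.update({h: f"{ip}: {reason}" for h in hosts})
    return suspects
```

Call `resolve_via` for several unrelated hostnames against both the resolver your router hands out and one you trust, then pass the two result maps to `find_suspects`.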

As the malware spreads through routers, it can easily affect hundreds of users within a short span of time, provided the users are not careful when installing apps from third-party sources.

I don’t know whether the routers will get an update to block the malware or not. But the only way to keep yourself safe is to not download any kind of third-party apps. That is the only way you can protect yourself as of now. If your router is not more than one year old, you might get an update. Otherwise, you are simply out of luck. There are even a number of router manufacturers who never roll out any updates. That might be the reason why the hackers have chosen routers for initiating this infection.

I thought of giving this information to users so that they become more careful while using the Internet. What do you think about such frequent malware attacks? Let me know your thoughts.