In these times you have to be especially careful with viruses. And it is that, if we lower our guard, perhaps we will have to deal with some malware that is capable of infecting all the devices that connect to our WiFi router. And this is exactly what happens with the well-known Roaming Mantis malware.
Although it is not a new malware, since it has been known about it for years, now it has returned to its old ways. Basically, security experts have been able to verify how they have launched a new variant of this virus, under the name of Wroba, which is capable of infecting WiFi routers and hijacking the DNS configuration of computers. And all through Android phones.
The Danger of the Roaming Mantis Virus
As we said, we are not dealing with new malware. The problem is that, from Kaspersky, they have discovered a new updated version, called Wroba, which puts WiFi routers at risk. More than anything, because Android mobile devices are used to connect to WiFi routers, in order to completely modify their DNS settings and make them vulnerable. In this way, they achieve their goal, which is to spread the malware to other devices without any problems.
In its beginnings, back in 2018, they discovered that this malware was focused on users who live in different Asian countries, such as Japan, South Korea or Taiwan. However, in the middle of 2022 it managed to enter France and Germany, after managing to completely camouflage itself in the Google Chrome web browser app.
For this very reason, since September of last year, Kaspersky researchers came to study Wroba in depth, discovering that this version of the Roaming Mantis malware is capable of changing DNS. Basically, this type of attack manages to catch users by surprise by redirecting them to fake web pages or alternative content using the well-known DNS hijacking technique. And, generally, it has been used to be able to steal private data from victims, such as bank accounts.
The new Wroba variant
With this latest update, the security of WiFi routers is put at risk. Everything will depend on the Android device that connects to the wireless network. This is because “the new DNS changer functionality can manage all communications from devices using the compromised WiFi router, such as redirecting to malicious hosts and disabling security product updates,” as confirmed by Kaspersky. . With this, it is possible to redirect users to pages that are under the control of the cybercriminal.
For example, all those Android devices that are infected with this malware, when connected to a public or other home Wi-Fi network, is capable of spreading the virus to the rest of the devices that are connected to the same wireless network. In addition, it can steal bank details or collect personal information from the victims that they have on the smartphone. This attack has manifested itself in Austria, France, Germany, India, Japan, Malaysia, Taiwan, Turkey and the US through smishing.
