Warning to owners of Android phones… Hackers target them via public Internet networks
The malicious app uses a technique known as DNS hijacking, which targets the Internet’s Domain Name System (DNS).
Researchers have found a malicious Android app that can tamper with the public WiFi router to which an infected phone is connected and force the network to send all connected devices to malicious locations.
The malicious application, discovered by Kaspersky Lab security experts, uses a technique known as DNS hijacking, which targets the Internet’s Domain Name System (DNS).
Once the app is installed, it attempts to connect to the router on public Wi-Fi networks in restaurants, cafes, parks and libraries, and to log in to the network administrator account using default or commonly used credentials, such as admin.
Upon success, the application then changes the DNS server – defined in the network – to the malicious server controlled by the attackers. This process enables hackers to direct devices connected to the restaurant or café’s network to deceptive sites that mimic legitimate sites but spread malware or record user credentials or other sensitive information.
For example, when a phone on a public network in a cafe is infected and its user wants to open the “Google” search engine, the malware directs the victim to a fake Google site that looks like the real one, and in this way the hackers can learn what information the user is looking for.
Able to spread widely
“We believe that detection of an app that alters the DNS system is very important in terms of security, as an attacker can use it to manage all connections from devices with a compromised Wi-Fi router from any public network,” Kaspersky researchers wrote.
The researchers continued, “Users connect infected Android devices to a public/free WiFi network in places like cafes, bars, libraries, hotels, shopping malls, and airports. When connected to this infected network, other Android devices will also be affected. As a result, they are able to spread widely in the target areas.”
The attackers, known in the security industry as Roaming Mantis, designed this type of attack, known as “DNS hijacking,” to work only when devices connect to infected Wi-Fi, which is a dangerous way of ensuring the malware is not detected.
One way to combat the threat is to make sure that the password protecting the network administrator account is changed from an easy password to a strong one.
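A network owner can check for both conditions the article describes, a guessable administrator login and a DNS server that is not the one they set. The following is an added example, not code from Kaspersky or the original article; the settings dictionary, the approved resolver list, the common-login list and the 12-character minimum are all constructed assumptions.

```python
import ipaddress

# Constructed list of default / commonly used logins (assumption, not from the article).
COMMON_LOGINS = {("admin", "admin"), ("admin", "password"), ("admin", ""), ("root", "root")}
MIN_PASSWORD_LENGTH = 12  # assumed local policy value

def unapproved_dns(configured, approved):
    """Return configured DNS servers that fall outside the approved addresses or ranges."""
    nets = [ipaddress.ip_network(a, strict=False) for a in approved]
    bad = []
    for entry in configured:
        try:
            # Parsing normalises the text form, so "2001:DB8:0:0::1" and
            # "2001:db8::1" compare as the same address.
            addr = ipaddress.ip_address(entry.strip())
        except ValueError:
            bad.append(entry)  # unparseable entries are treated as suspicious
            continue
        if not any(addr.version == n.version and addr in n for n in nets):
            bad.append(entry)
    return bad

def weak_admin_login(username, password):
    """True if the login is a common default pair, repeats the username, or is short."""
    u, p = username.lower(), password.lower()
    return (u, p) in COMMON_LOGINS or p == u or len(password) < MIN_PASSWORD_LENGTH

def audit_router(cfg, approved):
    """Return a list of findings for one router's exported settings."""
    findings = []
    if weak_admin_login(cfg["admin_user"], cfg["admin_password"]):
        findings.append("weak-admin-login")
    findings += [f"unapproved-dns:{s}" for s in unapproved_dns(cfg["dns_servers"], approved)]
    return findings

# Constructed sample data using documentation-only address ranges.
APPROVED = ["192.0.2.53", "2001:db8:53::/48"]
ROUTER_TAMPERED = {"admin_user": "admin", "admin_password": "admin",
                   "dns_servers": ["198.51.100.7", "2001:DB8:53:0:0:0:0:1"]}
ROUTER_HARDENED = {"admin_user": "admin", "admin_password": "correct-horse-battery-staple",
                   "dns_servers": ["192.0.2.53", "2001:db8:53::1"]}

if __name__ == "__main__":
    print(audit_router(ROUTER_TAMPERED, APPROVED))
    print(audit_router(ROUTER_HARDENED, APPROVED))
```

Run on a schedule against the router's exported settings, a check like this flags a changed DNS server even when the administrator password has since been fixed.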