Security researchers say a serious malware campaign is targeting Android devices to steal sensitive data. Hackers are hijacking Internet routers to distribute this malware and steal login credentials and other sensitive data.

Hijacking a router's DNS settings is not a new technique. Until now, though, attackers have only used it to redirect users to malicious websites by tricking them. DNS hijacking lets them intercept traffic, inject rogue ads and redirect pages. Now they are going beyond that. This new campaign was first noticed by researchers at Kaspersky Lab. According to their research, the primary targets of this campaign are Asian countries.


[Image: Roaming Mantis DNS hijack. Image credit: mikehacks.blogspot.ru]

How does this malware work?

Hackers modify the victim's DNS settings, replacing them with their own rogue settings. This redirects victims to fake versions of legitimate websites. When a victim visits such a site, it displays a pop-up message to “update the latest version of chrome”. If the user presses the OK button, Roaming Mantis is automatically downloaded to the device, masquerading as the Chrome browser for Android. It also requests permissions for:

  • SMS/MMS and making calls
  • Storage
  • Recording audio
  • Media
  • File system
  • Overlay

Once it has acquired these permissions, it overlays a warning message on top of all other windows: “Account No.exists risks, use after certification”. The malware then immediately starts a local server on the device, opens the fake Chrome browser and asks the user to fill in a form, just as the legitimate Google would. This is tricky enough to fool most users.

Once the user has given up the login credentials, the attackers can simply bypass two-factor authentication, because the malware has already gained permission to receive SMS. When they have all of these, you know what can happen.

“They can have access to all your sensitive data, including your banking details”
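The pattern described above (an app labelled as Chrome that is not the genuine package and that holds SMS and overlay permissions) can be checked against an app inventory. The following is an added example, not code from the original article or from Kaspersky Lab; the record format, the sample apps, the package name `com.example.fakeupdate` and the threshold of four capabilities are assumptions made for illustration.

```python
# Added example; app records and the fake package name are constructed.
GENUINE_CHROME = {"com.android.chrome", "com.chrome.beta",
                  "com.chrome.dev", "com.chrome.canary"}
P = "android.permission."
# Android permissions matching the capabilities listed in the article.
RISKY = {
    P + "RECEIVE_SMS": "receive SMS",
    P + "READ_SMS": "read SMS",
    P + "SEND_SMS": "send SMS",
    P + "CALL_PHONE": "make calls",
    P + "RECORD_AUDIO": "record audio",
    P + "WRITE_EXTERNAL_STORAGE": "write storage",
    P + "SYSTEM_ALERT_WINDOW": "draw overlays",
}
SMS_READ = {P + "RECEIVE_SMS", P + "READ_SMS"}

def audit_app(app):
    """Return findings for one record: {'label', 'package', 'permissions'}."""
    findings = []
    perms = set(app["permissions"])
    if "chrome" in app["label"].lower() and app["package"] not in GENUINE_CHROME:
        findings.append(f"label imitates Chrome, package is {app['package']}")
    if perms & SMS_READ and P + "SYSTEM_ALERT_WINDOW" in perms:
        findings.append("can read SMS and draw overlays: phishing form plus 2FA code capture")
    held = sorted(RISKY[p] for p in perms if p in RISKY)
    if len(held) >= 4:  # assumed threshold, tune for your fleet
        findings.append("broad capability set: " + ", ".join(held))
    return findings

def audit_inventory(apps):
    """Map package name -> findings, only for apps with at least one finding."""
    report = {}
    for app in apps:
        findings = audit_app(app)
        if findings:
            report[app["package"]] = findings
    return report

SAMPLE_APPS = [  # constructed inventory
    {"label": "Chrome", "package": "com.android.chrome",
     "permissions": [P + "RECORD_AUDIO", P + "WRITE_EXTERNAL_STORAGE"]},
    {"label": "Messages", "package": "com.example.sms",
     "permissions": [P + "RECEIVE_SMS", P + "READ_SMS", P + "SEND_SMS"]},
    {"label": "Chrome", "package": "com.example.fakeupdate",
     "permissions": list(RISKY)},
]

if __name__ == "__main__":
    for package, findings in audit_inventory(SAMPLE_APPS).items():
        print(package, findings)
```

Only the third sample record is reported: the genuine Chrome package and the SMS app each match part of the pattern but not the combination.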




This malware app primarily targets mobile banking and gaming applications. Experts advise users to upgrade the firmware and to make sure the password is strong enough. If you are using the same password, it is better to change it.

If you have any questions about setting a stronger password or securing your DNS, comment below!
