Router configuration rewriting attacks are rampant: is the aim complete control?
Security company Kaspersky Labs published a detailed analysis on its blog on April 17 of the frequent incidents in Japan in which router settings are rewritten and devices are infected with unauthorized apps.
In this attack, the router's DNS settings are rewritten so that users are directed to a rogue IP address, from which Android malware named "facebook.apk" and "chrome.apk" is downloaded.
According to Kaspersky, the malware was detected more than 6,000 times in the two months from February 9 to April 9, 2018, yet those detections came from only 150 unique users. "Some users have experienced the pain of the same malware appearing on their network over and over again," the company said. South Korea had the most detections, followed by Bangladesh and Japan.
South Korea had the highest number of malware detections, followed by Bangladesh and Japan (Source: Kaspersky Labs)
This malware requests a large number of permissions at installation, such as reading device information and IDs, and displays a screen asking for the user's name and date of birth. In addition, there is some evidence that it tries to obtain two-step authentication information.
However, Korean is mistakenly specified where the Japanese message should be, and "you can see that the attacker has a special interest in South Korea and Traditional Chinese users."
Korean is mistakenly specified where the Japanese message should be (Source: Kaspersky Labs)
Kaspersky estimates that the purpose of this malware is to steal user data, including two-step authentication information, and to put Android devices under complete control. The unauthorized apps were originally distributed in South Korea and later spread to the wider Asian region with support for Traditional Chinese, English and Japanese.
Kaspersky named this attack "Roaming Mantis" because the malware can spread as smartphones roam between Wi-Fi networks. The attack is still active, and the company warns that updates are being added every day.
It is still unknown how the router's DNS settings are tampered with. If you are worried about your router's DNS settings, the company recommends that you refer to the user manual to check whether they have been tampered with, or contact your Internet provider.