Roaming Mantis (f35f219a-6eed-11e8-980a-93bb96299951)
Roaming Mantis malware is designed for distribution through a simple, but very efficient trick based on a technique known as DNS hijacking. When a user attempts to access any website via a compromised router, they will be redirected to a malicious website. For example, if a user were to navigate to www.securelist.com using a web browser, the browser would be redirected to a rogue server which has nothing to do with the security research blog. As long as the browser displays the original URL, users are likely to believe the website is genuine. The web page from the rogue server displays the popup message: To better experience the browsing, update to the latest chrome version.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Roaming Mantis (31d2ce1f-44bf-4738-a41d-ddb43466cd82) | Malpedia | Roaming Mantis (f35f219a-6eed-11e8-980a-93bb96299951) | Tool | 1 |