Researchers have found a malicious Android app that can tamper with the public WiFi router to which an infected phone is connected and force the network to send all devices connected to it to malicious locations.

The malicious application, discovered by Kaspersky Lab security experts, uses a technique known as DNS hijacking, which tampers with the Domain Name System (DNS), the Internet's service for translating domain names into addresses.

Once installed, the application tries to connect to the router on public Wi-Fi networks in restaurants, cafes, parks, and libraries, and to log into the network administrator account using default or commonly used credentials, such as the word "admin".

If it succeeds, the application changes the DNS server configured for the network to a malicious server controlled by the attackers.

This enables the hackers to direct devices connected to the restaurant's or café's network to deceptive sites that mimic legitimate ones but spread malware or log user credentials and other sensitive information.

For example, when a victim is using a compromised public network in a cafe and wants to open the Google search engine, the victim is directed to a fake site that appears to be the real Google, so the hackers can learn, for example, what information the user is looking for.

Able to spread widely

"We believe that detection of an app that alters the DNS system is very important in terms of security, as an attacker can use it to manage all connections from devices with a compromised Wi-Fi router from any public network," Kaspersky researchers wrote.

The researchers continued, "Users connect infected Android devices to a public/free WiFi network in places like cafes, bars, libraries, hotels, shopping malls, and airports. When connected to this infected network, other Android devices will also be affected. As a result, they are able to spread widely in the target areas."

The attackers, known in the security industry as Roaming Mantis, designed this DNS hijacking attack to work only when devices connect to the infected Wi-Fi network, which is a dangerous way of ensuring that the malware is not detected.

One way to combat the threat is to make sure that the password protecting the network administrator account is changed from an easy password to a strong one.
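Alongside the password change, an operator can check whether the router is still advertising the DNS servers it was configured with. The following is an added example, not code from the original article or from Kaspersky: it parses option 6 (DNS servers) out of a raw DHCP message and compares it with an approved baseline. It assumes the router passes its configured DNS servers to clients over DHCP (a router that proxies DNS itself has to be checked on its settings page instead); the addresses and the `build_sample_ack` helper are constructed for the demonstration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # start of the DHCP options field (RFC 2131)
OPT_PAD, OPT_DNS, OPT_END = 0, 6, 255
# Assumption: the resolvers the operator actually configured (constructed value).
APPROVED = {"192.0.2.53"}


def dns_servers_from_dhcp(packet):
    """Return the DNS servers (option 6) carried in a raw DHCP message."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    servers, i = [], 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == OPT_PAD:  # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option")
        code, length = packet[i], packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length or (code == OPT_DNS and length % 4):
            raise ValueError("malformed option %d" % code)
        if code == OPT_DNS:
            servers += [str(ipaddress.IPv4Address(value[j:j + 4]))
                        for j in range(0, length, 4)]
        i += 2 + length
    return servers


def unapproved_dns(packet, approved=APPROVED):
    """List offered DNS servers that are not in the operator's baseline."""
    return [s for s in dns_servers_from_dhcp(packet) if s not in approved]


def build_sample_ack(dns_servers):
    """Constructed DHCPACK: zeroed BOOTP header, message type 5, option 6."""
    dns = b"".join(ipaddress.IPv4Address(s).packed for s in dns_servers)
    options = bytes([53, 1, 5, OPT_DNS, len(dns)]) + dns + bytes([OPT_END])
    return bytes(236) + MAGIC_COOKIE + options


if __name__ == "__main__":
    # 203.0.113.66 is a constructed stand-in for a resolver nobody approved.
    for offer in (["192.0.2.53"], ["203.0.113.66", "192.0.2.53"]):
        print(offer, "->", unapproved_dns(build_sample_ack(offer)) or "ok")
```

Any address the function returns means the router is advertising a resolver outside the baseline, which is the symptom of the settings change described above.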