Let’s go threat hunting in Censys! In this case, we’re hunting for RoamingMantis, a mobile banking threat that affects users by altering local DNS settings for further endpoint abuse. DNS Changer malware isn’t new, but RoamingMantis is a new delivery vehicle.
News broke this week about a critical vulnerability in the firmware of certain HiSilicon-based devices running software from Xiongmai, including network video recorders, IP enabled cameras, and digital video recorders. At Censys, our extended dataset for enterprise customers, the Universal Internet Data Set (UIDS), has been scanning port 9530 for some time now and found 188,989 hosts with that port open.