Kaspersky Lab researchers have discovered a new Android malware distributed through a domain name system (DNS) hijacking technique and targeting smartphones, mostly in Asia. The campaign, dubbed Roaming Mantis, remains highly active and is designed to steal user information, including credentials, and to provide attackers with full control over the compromised Android device. Between February and April 2018, researchers detected the malware in over 150 user networks, mainly in South Korea, Bangladesh, and Japan, but there are likely to be many more victims. Researchers believe a cybercriminal group looking for financial gain is behind the operation.

 

According to Vitaly Kamluk, Director of the Global Research Analysis Team (GReAT) – APAC, “The story was recently reported in the Japanese media, but once we did a little more research, we found that the threat does not originate there. In fact, we found a number of clues that the attacker behind this threat speaks either Chinese or Korean. Further, the majority of victims were not located in Japan either. Roaming Mantis seems to be focusing mainly on Korea, and Japan appears to have been a kind of collateral damage.”

 

Kaspersky Lab’s findings indicate that the attackers behind the malware seek out vulnerable routers for compromise, and distribute the malware through a simple yet very effective trick of hijacking the DNS settings of those infected routers. The method of router compromise remains unknown. Once the DNS is successfully hijacked, any attempt by users to access any website leads them to a genuine-looking URL with forged content coming from the attackers’ server. This includes the request: “To better experience the browsing, update to the latest chrome version.” Clicking on the link initiates the installation of a Trojanized application named either ‘facebook.apk’ or ‘chrome.apk’, which contains the attackers’ Android backdoor.

 

The Roaming Mantis malware checks to see if the device is rooted and requests permission to be notified of any communications or browsing activity undertaken by the user. It is also capable of collecting a wide range of data, including credentials for two-factor authentication. Researchers found that some of the malware code includes references to mobile banking and game application IDs popular in South Korea. Taken together, these indicators suggest a possible financial motive behind this campaign.

 

While Kaspersky Lab’s detection data uncovered around 150 targets, further analysis also revealed thousands of connections hitting the attackers’ command & control (C2) servers on a daily basis, pointing to a far larger scale of attack.

 

The design of Roaming Mantis’ malware shows it is intended for wider distribution across Asia. Among other things, it supports four languages: Korean, simplified Chinese, Japanese, and English. However, the artefacts gathered suggest the threat actors behind this attack are familiar mostly with Korean and simplified Chinese.

 

“Roaming Mantis is an active and rapidly changing threat. This is why we are publishing our findings now, rather than waiting until we have all the answers. There appears to be considerable motivation behind these attacks, and we need to raise awareness so that people and organizations can better recognize the threat. The use of infected routers and hijacked DNS highlights the need for robust device protection and the use of secure connections,” says Suguru Ishimaru, Security Researcher at Kaspersky Lab Japan.

 

Kaspersky Lab products detect this threat as ‘Trojan-Banker.AndroidOS.Wroba’.

In order to protect your internet connection from this infection, Kaspersky Lab recommends the following:

  • Refer to your router’s user manual to verify that your DNS settings haven’t been tampered with, or contact your ISP for support.
  • Change the default login and password for the admin web interface of the router.
  • Never install router firmware from third-party sources. Avoid using third-party repositories for your Android devices.
  • Regularly update your router’s firmware from the official source.
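
One way to check for the tampering described above, as an added example that is not from Kaspersky Lab: a hijacked resolver that sends every site to the attackers’ server makes many unrelated domains disagree with a trusted resolver and converge on a single address. The domain names, addresses (documentation ranges), function name and threshold below are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: domain -> set of A records seen from each resolver.
# Addresses come from RFC 5737 documentation ranges, not real indicators.
TRUSTED = {
    "example.com": {"192.0.2.10"},
    "example.org": {"192.0.2.20"},
    "example.net": {"192.0.2.30", "192.0.2.31"},
    "example.edu": {"192.0.2.40"},
}
ROUTER = {  # answers from the resolver handed out by the router
    "example.com": {"203.0.113.66"},
    "example.org": {"203.0.113.66"},
    "example.net": {"203.0.113.66"},
    "example.edu": {"192.0.2.40"},
}


def assess_resolver(local, trusted, min_domains=3):
    """Compare local resolver answers with a trusted baseline.

    Returns (mismatched, sinks, hijack_suspected):
      mismatched - domains whose local answers share no address with the baseline
      sinks      - addresses that at least min_domains mismatched domains resolve to
    A single mismatch is common with CDNs and geo-DNS, so only convergence of
    several unrelated domains on one address is treated as suspicious.
    """
    mismatched = []
    by_ip = defaultdict(set)
    for domain, local_ips in local.items():
        baseline = trusted.get(domain)
        if not baseline or not local_ips:
            continue  # nothing to compare against
        if local_ips.isdisjoint(baseline):
            mismatched.append(domain)
            for ip in local_ips:
                by_ip[ip].add(domain)
    sinks = {ip: sorted(d) for ip, d in by_ip.items() if len(d) >= min_domains}
    return sorted(mismatched), sinks, bool(sinks)


if __name__ == "__main__":
    mismatched, sinks, suspected = assess_resolver(ROUTER, TRUSTED)
    print("mismatched:", mismatched)
    print("shared destination:", sinks)
    print("hijack suspected:", suspected)
```

In practice the two answer sets would be collected by querying the router-assigned resolver and an independently reached trusted resolver for the same list of domains.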
