Kaspersky Lab researchers have discovered a new Android malware distributed through a domain name system (DNS) hijacking technique and targeting smartphones, mostly in Asia. The campaign, dubbed Roaming Mantis, remains highly active and is designed to steal user information including credentials and to provide attackers with full control over the compromised Android device. Between February and April 2018, researchers detected the malware in over 150 user networks, mainly in South Korea, Bangladesh, and Japan, but there are likely to be many more victims. Researchers believe a cybercriminal group looking for financial gain is behind the operation.

 

According to Vitaly Kamluk, Director of the Global Research Analysis Team (GReAT) – APAC, “The story was recently reported in the Japanese media, but once we did a little more research, we found that the threat does not originate there. In fact, we found a number of clues that the attacker behind this threat speaks either Chinese or Korean. Further, the majority of victims were not located in Japan either. Roaming Mantis seems to be focusing mainly on Korea, and Japan appears to have been a kind of collateral damage.”

 

Kaspersky Lab’s findings indicate that the attackers behind the malware seek out vulnerable routers for compromise, and distribute the malware through a simple yet very effective trick of hijacking the DNS settings of those infected routers. The method of router compromise remains unknown. Once the DNS is successfully hijacked, any attempt by users to access any website leads them to a genuine-looking URL with forged content coming from the attackers’ server. This includes the request: “To better experience the browsing, update to the latest chrome version.” Clicking on the link initiates the installation of a Trojanized application named either ‘facebook.apk’ or ‘chrome.apk’, which contains the attackers’ Android backdoor.

 

The Roaming Mantis malware checks to see if the device is rooted and requests permission to be notified of any communications or browsing activity undertaken by the user. It is also capable of collecting a wide range of data, including credentials for two-factor authentication. Researchers found that some of the malware code includes references to mobile banking and game application IDs popular in South Korea. Taken together, these indicators suggest a possible financial motive behind this campaign.

 

While Kaspersky Lab’s detection data uncovered around 150 targets, further analysis also revealed thousands of connections hitting the attackers’ command & control (C2) servers on a daily basis, pointing to a far larger scale of attack.

 

The design of Roaming Mantis’ malware shows it is intended for wider distribution across Asia. Among other things, it supports four languages: Korean, simplified Chinese, Japanese, and English. However, the artefacts gathered suggest the threat actors behind this attack are familiar mostly with Korean and simplified Chinese.

 

“Roaming Mantis is an active and rapidly changing threat. This is why we are publishing our findings now, rather than waiting until we have all the answers. There appears to be considerable motivation behind these attacks, and we need to raise awareness so that people and organizations can better recognize the threat. The use of infected routers and hijacked DNS highlights the need for robust device protection and the use of secure connections,” says Suguru Ishimaru, Security Researcher at Kaspersky Lab Japan.

 

Kaspersky Lab products detect this threat as ‘Trojan-Banker.AndroidOS.Wroba’.

In order to protect your internet connection from this infection, Kaspersky Lab recommends the following:

  • Refer to your router’s user manual to verify that your DNS settings haven’t been tampered with, or contact your ISP for support.
  • Change the default login and password for the admin web interface of the router.
  • Never install router firmware from third-party sources. Avoid using third-party repositories for your Android devices.
  • Regularly update your router’s firmware from the official source.
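
The first recommendation, checking DNS settings for tampering, can be automated on a network you manage. The sketch below is an added example, not Kaspersky Lab code: it flags resolvers outside an expected range and looks for the symptom described above, where unrelated sites all resolve to one server. The resolver ranges, domains and addresses are constructed placeholders, and the answer sets are assumed to have been collected separately from the router-supplied resolver and from a trusted reference.

```python
import ipaddress
from collections import Counter

# Constructed allowlist: the resolver range this network is expected to use.
EXPECTED_RESOLVER_NETS = [ipaddress.ip_network("192.0.2.0/28")]

def unexpected_resolvers(configured, allowed=EXPECTED_RESOLVER_NETS):
    """Return configured resolver IPs that fall outside every allowed network."""
    bad = []
    for raw in configured:
        addr = ipaddress.ip_address(raw)
        if not any(addr in net for net in allowed):
            bad.append(raw)
    return bad

def hijack_indicators(local_answers, reference_answers, min_domains=3):
    """Compare A records from the router-supplied resolver with a trusted one.

    Both arguments map domain -> set of IPv4 strings.
    mismatched: domains whose local answers share no address with the reference.
                Weak on its own, since CDNs legitimately vary answers.
    sinkhole:   an address returned for >= min_domains mismatched, unrelated
                domains, the pattern of a resolver pointing every site at
                one server.
    """
    mismatched = sorted(
        d for d, ips in local_answers.items()
        if d in reference_answers and not (ips & reference_answers[d])
    )
    counts = Counter(ip for d in mismatched for ip in local_answers[d])
    sinkhole = sorted(ip for ip, n in counts.items() if n >= min_domains)
    return {"mismatched": mismatched, "sinkhole": sinkhole}

# Constructed sample data (documentation address ranges, placeholder domains).
SAMPLE_RESOLVERS = ["192.0.2.1", "203.0.113.53"]
SAMPLE_REFERENCE = {
    "a.example": {"198.51.100.10"}, "b.example": {"198.51.100.20"},
    "c.example": {"198.51.100.30"}, "d.example": {"198.51.100.40"},
}
SAMPLE_LOCAL = {
    "a.example": {"203.0.113.66"}, "b.example": {"203.0.113.66"},
    "c.example": {"203.0.113.66"}, "d.example": {"198.51.100.40"},
}

if __name__ == "__main__":
    print("unexpected resolvers:", unexpected_resolvers(SAMPLE_RESOLVERS))
    print(hijack_indicators(SAMPLE_LOCAL, SAMPLE_REFERENCE))
```

A non-empty `sinkhole` list together with an unexpected resolver is a strong reason to reset the router's DNS settings and admin credentials.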
