Kaspersky Lab researchers have discovered a new Android malware distributed through a domain name system (DNS) hijacking technique and targeting smartphones, mostly in Asia. The campaign, dubbed Roaming Mantis, remains highly active and is designed to steal user information including credentials and to provide attackers with full control over the compromised Android device. Between February and April 2018, researchers detected the malware in over 150 user networks, mainly in South Korea, Bangladesh, and Japan, but there are likely to be many more victims. Researchers believe a cybercriminal group looking for financial gain is behind the operation.

 

According to Vitaly Kamluk, Director of the Global Research Analysis Team (GReAT) – APAC, “The story was recently reported in the Japanese media, but once we did a little more research, we found that the threat does not originate there. In fact, we found a number of clues that the attacker behind this threat speaks either Chinese or Korean. Further, the majority of victims were not located in Japan either. Roaming Mantis seems to be focusing mainly on Korea, and Japan appears to have been a kind of collateral damage.”

 

Kaspersky Lab’s findings indicate that the attackers behind the malware seek out vulnerable routers for compromise, and distribute the malware through a simple yet very effective trick of hijacking the DNS settings of those infected routers. The method of router compromise remains unknown. Once the DNS is successfully hijacked, any attempt by users to access any website leads them to a genuine-looking URL with forged content coming from the attackers’ server. This includes the request: “To better experience the browsing, update to the latest chrome version.” Clicking on the link initiates the installation of a Trojanized application named either ‘facebook.apk’ or ‘chrome.apk’, which contains the attackers’ Android backdoor.

 

The Roaming Mantis malware checks to see if the device is rooted and requests permission to be notified of any communications or browsing activity undertaken by the user. It is also capable of collecting a wide range of data, including credentials for two-factor authentication. Researchers found that some of the malware code includes references to mobile banking and game application IDs popular in South Korea. Taken together, these indicators suggest a possible financial motive behind this campaign.

 

While Kaspersky Lab’s detection data uncovered around 150 targets, further analysis also revealed thousands of connections hitting the attackers’ command & control (C2) servers on a daily basis, pointing to a far larger scale of attack.

 

The design of Roaming Mantis’ malware shows it is intended for wider distribution across Asia. Among other things, it supports four languages: Korean, simplified Chinese, Japanese, and English. However, the artefacts gathered suggest the threat actors behind this attack are familiar mostly with Korean and simplified Chinese.

 

“Roaming Mantis is an active and rapidly changing threat. This is why we are publishing our findings now, rather than waiting until we have all the answers. There appears to be considerable motivation behind these attacks, and we need to raise awareness so that people and organizations can better recognize the threat. The use of infected routers and hijacked DNS highlights the need for robust device protection and the use of secure connections,” says Suguru Ishimaru, Security Researcher at Kaspersky Lab Japan.

 

Kaspersky Lab products detect this threat as ‘Trojan-Banker.AndroidOS.Wroba’.

In order to protect your internet connection from this infection, Kaspersky Lab recommends the following:

  • Refer to your router’s user manual to verify that your DNS settings haven’t been tampered with, or contact your ISP for support.
  • Change the default login and password for the admin web interface of the router.
  • Never install router firmware from third-party sources. Avoid using third-party repositories for your Android devices.
  • Regularly update your router’s firmware from the official source.
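
The first recommendation can be backed by a resolver comparison. The following is an added example, not code from Kaspersky Lab: it compares answers from the router-assigned resolver with those from a trusted resolver and flags the pattern described above, where unrelated sites all lead to one server. The function name, threshold, and sample answers (reserved example domains and documentation IP ranges) are constructed for illustration.

```python
from collections import Counter

def hijack_indicators(local, reference, min_domains=3):
    """Compare DNS answers from the router-assigned resolver with a trusted one.

    local / reference: dict mapping domain -> set of IP strings, collected
    beforehand by querying each resolver (collection is not shown so the
    example runs offline).

    A single mismatch is weak evidence, because CDNs and geo-DNS legitimately
    return different addresses to different resolvers. The strong signal is
    several unrelated domains collapsing onto one address that the trusted
    resolver never returns for any of them.
    """
    # Domains where the two resolvers share no address at all.
    mismatched = sorted(
        d for d in local
        if d in reference and not (local[d] & reference[d])
    )
    trusted_ips = set().union(*reference.values())
    # Count how many mismatched domains each locally returned IP serves.
    counts = Counter(ip for d in mismatched for ip in local[d])
    shared = sorted(
        ip for ip, n in counts.items()
        if n >= min_domains and ip not in trusted_ips
    )
    return {"mismatched": mismatched, "shared_ips": shared,
            "suspicious": bool(shared)}

# Constructed sample answers (documentation address ranges, not real data).
REFERENCE = {
    "example.com": {"192.0.2.10"},
    "example.org": {"192.0.2.20", "192.0.2.21"},
    "example.net": {"198.51.100.30"},
    "example.edu": {"198.51.100.40"},
}
# Router resolver that sends three unrelated sites to one address.
HIJACKED_LOCAL = {
    "example.com": {"203.0.113.66"},
    "example.org": {"203.0.113.66"},
    "example.net": {"203.0.113.66"},
    "example.edu": {"198.51.100.40"},
}
# Benign variation of the kind a CDN produces: different IPs, no shared one.
CDN_LOCAL = {
    "example.com": {"192.0.2.11"},
    "example.org": {"192.0.2.20"},
    "example.net": {"198.51.100.31"},
}

if __name__ == "__main__":
    print(hijack_indicators(HIJACKED_LOCAL, REFERENCE))
    print(hijack_indicators(CDN_LOCAL, REFERENCE))
```

A positive result is a reason to inspect the router's DNS settings as the list above advises, not proof of compromise on its own.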
