On 16 April, Kaspersky Lab researchers reported on a new Android malware distributed through a domain name system (DNS) hijacking technique and targeting mainly smartphones in Asia. Four weeks on, the threat continues to evolve rapidly and has now extended its target geography to include Europe and the Middle East, adding a phishing option for iOS devices and PC crypto-mining capability.

 

The campaign, dubbed Roaming Mantis, is designed mainly to steal user information including credentials and to provide attackers with full control over the compromised device. The researchers believe a Korean or Chinese-speaking cybercriminal group looking for financial gain is behind the operation.

 

Method of attack
Kaspersky Lab’s findings indicate that the attackers behind Roaming Mantis seek out vulnerable routers for compromise, and distribute the malware through a simple yet very effective trick of hijacking the DNS settings of those infected routers. The method of router compromise remains unknown.

 

Once the DNS is successfully hijacked, any attempt by users to access any website leads them to a genuine-looking URL with forged content coming from the attackers’ server. This includes the request: “To better experience the browsing, update to the latest chrome version.” Clicking on the link initiates the installation of a Trojanized application named either ‘facebook.apk’ or ‘chrome.apk’, which contains the attackers’ Android backdoor.

 

The Roaming Mantis malware checks to see if the device is rooted and requests permission to be notified of any communications or browsing activity undertaken by the user. It is also capable of collecting a wide range of data, including credentials for two-factor authentication.

 

The attackers’ interest in these credentials, together with the fact that some of the malware code includes references to mobile banking and game application IDs popular in South Korea, suggests a possible financial motive behind this campaign.

 

Expanded target geography and features

 

Kaspersky Lab’s initial research uncovered around 150 targets, mainly in South Korea, Bangladesh, and Japan, but it also revealed thousands of connections hitting the attackers’ command & control (C2) servers on a daily basis, pointing to a far larger scale of attack. The malware included support for four languages: Korean, simplified Chinese, Japanese, and English.

 

The attack range has now been extended, supporting 27 languages in all, including Filipino, Polish, German, Arabic, Bulgarian and Russian. The attackers have also introduced a redirection to Apple-themed phishing pages if the malware encounters an iOS device.

 

The latest addition to the arsenal is a malicious website with PC crypto-mining capability. Kaspersky Lab’s observations suggest that at least one wave of wider attacks has taken place, with researchers noting over 100 targets among Kaspersky Lab customers within a few days.

 

“When we first reported on Roaming Mantis in April we said that it was an active and rapidly changing threat. New evidence shows a dramatic expansion in target geography to include Europe and the Middle East, and more. We believe the attackers are cybercriminals looking for financial gain and have found a number of clues to suggest that the attackers speak either Chinese or Korean. There is clearly considerable motivation behind this threat, so it is unlikely to diminish any time soon. The use of infected routers and hijacked DNS highlights the need for robust device protection and the use of secure connections,” says Suguru Ishimaru, Security Researcher at Kaspersky Lab Japan.

 

Kaspersky Lab products detect the Roaming Mantis threat as ‘Trojan-Banker.AndroidOS.

 

In order to protect your internet connection from this infection, Kaspersky Lab recommends the following:

  • Refer to your router’s user manual to verify that your DNS settings haven’t been tampered with, or contact your ISP for support.
  • Change the default login and password for the admin web interface of the router and regularly update your router’s firmware from the official source.
  • Never install router firmware from third-party sources. Avoid using third-party repositories for your Android devices.
  • Further, always check browser and website addresses to ensure they are legitimate; look for signs such as HTTPS when asked to enter data.
  • Consider installing a mobile security solution, such as Kaspersky Internet Security for Android, to protect your devices from these and other threats.
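
The first recommendation can be partly automated. The following is an added example, not code from Kaspersky Lab: it compares the answers of the router-assigned resolver with reference answers and flags the pattern described above, where unrelated sites all resolve to one server. The function names and sample data are assumptions, and the reference answers are assumed to have been collected over a path that does not depend on the router (for example, mobile data).

```python
from collections import defaultdict
import socket

def resolve_local(domains):
    """Resolve each domain through the system resolver (normally the router's DNS)."""
    answers = {}
    for name in domains:
        try:
            infos = socket.getaddrinfo(name, 443, family=socket.AF_INET,
                                       type=socket.SOCK_STREAM)
            answers[name] = {info[4][0] for info in infos}
        except socket.gaierror:
            answers[name] = set()
    return answers

def find_hijack_signs(local, reference, min_domains=3):
    """Compare local answers with reference answers from a trusted path.

    Returns (converged, mismatched):
      converged  - {ip: sorted domains} for IPs the local resolver returned for at
                   least min_domains domains although no reference answer has them
      mismatched - sorted domains whose local answers share nothing with the reference
    A single mismatch is weak evidence (CDNs answer differently per network);
    many unrelated domains converging on one unknown IP is the strong signal.
    """
    by_ip = defaultdict(set)
    mismatched = []
    for name, ips in local.items():
        trusted = reference.get(name, set())
        if not ips or not trusted:
            continue  # nothing to compare for this domain
        if ips.isdisjoint(trusted):
            mismatched.append(name)
        for ip in ips - trusted:
            by_ip[ip].add(name)
    converged = {ip: sorted(names) for ip, names in by_ip.items()
                 if len(names) >= min_domains}
    return converged, sorted(mismatched)

# Constructed sample data (documentation address ranges, not real observations).
REFERENCE = {
    "bank.example": {"198.51.100.10"},
    "mail.example": {"198.51.100.20", "198.51.100.21"},
    "news.example": {"198.51.100.30"},
    "cdn.example": {"198.51.100.40"},
}
HIJACKED = {name: {"203.0.113.66"} for name in REFERENCE}      # every site -> one server
HEALTHY = {**REFERENCE, "cdn.example": {"198.51.100.41"}}      # one CDN-style difference

if __name__ == "__main__":
    print(find_hijack_signs(HIJACKED, REFERENCE))
    print(find_hijack_signs(HEALTHY, REFERENCE))
```

On a live network, pass `resolve_local(list_of_domains)` as the first argument in place of the constructed `HIJACKED` sample.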

 

For more information and technical details on Roaming Mantis, please read the blog post on Securelist.

