Just five months after Kaspersky Lab’s first report on the DNS hijacking operation to infect Android smartphones in Asia, the attack dubbed ‘Roaming Mantis’ remains highly active, exploring new tricks and techniques to extend its reach.

Close monitoring by Kaspersky Lab experts found that Roaming Mantis was attempting web-based cryptomining on iOS devices used for legitimate cryptomining. The malware relied on the popular CoinHive miner, the same tool it had first used to infect PCs.

Malicious cryptocurrency mining refers to attackers hijacking a cryptomining platform or device to mine cryptocurrency at the expense of unaware victims.

“In our first report, we warned that Roaming Mantis is clearly designed to attack and reach more users. True to its name, it has been extending its malicious arms rapidly since April, in terms of its location and attack and evasion methods. From infecting Android devices, it engaged in phishing activities and is now trying to mine iOS gadgets used for cryptomining. From the initial four languages in Asia, this malware is now using a further 27, covering Europe and the Middle East. We are pretty much looking at cybercriminals who show no traces of stopping anytime soon,” warns Suguru Ishimaru, security researcher at Kaspersky Lab’s Global Research and Analysis Team (GReAT) Asia Pacific.

Researchers also noticed that the attackers have taken a trial-and-error approach to test which technique brings in more money faster. For instance, the attacker repeatedly modified the malware's infected landing page, alternating between an Apple phishing site and a web coin-mining page.

Roaming Mantis has also boosted its attack and evasion tools. The group initially hijacked DNS systems of rogue Wi-Fi routers to infect Android users in Japan, Korea, India, and Bangladesh with Trojanized applications named facebook.apk and chrome.apk.

The latest updates reveal that facebook.apk has been changed to sagawa.apk and has been spread via a rented SMS message spoofing delivery service. This technique was first used last year by another cybergang.

Kaspersky Lab also uncovered that the attacker spreads its malware via Prezi, a cloud-based presentation service that allows free user accounts; because the site is considered legitimate, it is harder for security products to detect phishing or malicious activity hosted there. In addition, the redirected scam content shows that Roaming Mantis uses templates, which suggests that Prezi has become an established delivery system for malicious content as well.

Aside from the updated tools and techniques, researchers at Kaspersky Lab spotted careless mistakes made by the hacking group as it tries to branch into additional types of attacks as fast as possible.

Roaming Mantis, also known as MoqHao and XLoader, was launched in four languages and in two months quickly added two dozen more, including Asian languages — Bengali, both traditional and simplified Chinese, Hindi, Indonesian, Japanese, Korean, Malay, Filipino, Thai, and Vietnamese.

After this update, researchers detected mix-ups in the language environment. For instance, Japanese users would get a pop-up message written in Korean.

The group also used HTML code instead of a URL to redirect users to its malicious content, contrary to how Prezi as a delivery system actually works. As a result, the tweaked landing page was not able to infect its target victims.

“The intense financial motivation of this group is undoubtedly fueling it to try different attack and evasion tricks to widen its reach in a short period of time. In its haste to jump on different platforms, languages, and territories, Roaming Mantis is leaving crumbs of clues that guide us in understanding and predicting its next moves. While this group seems rich in manpower, time, and resources, Kaspersky Lab researchers tracking the minutest details will continue to dig up further forensic information to keep track of their movements,” adds Ishimaru.

To protect your devices against Roaming Mantis attacks, Kaspersky Lab suggests users do the following:

  • Check your router’s settings
  • Change the default administrator login and password on your devices, especially devices used for cryptomining
  • Use robust security solutions for all your devices
  • Do not allow “Install unknown apps”
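The router DNS hijacking described earlier works by handing clients rogue resolver addresses (or by having the tampered router forward their queries to one), so "check your router's settings" translates into two concrete checks a device owner or administrator can script: are the resolvers the device was given the expected ones, and does the configured resolver return the same answers as a trusted resolver queried directly? The script below is an added example, not code from Kaspersky Lab or from this article. It assumes a resolv.conf-style DNS configuration, a household-specific set of trusted resolvers (`TRUSTED_RESOLVERS`, an assumption), and resolver answers that in real use would come from live queries; here all inputs are constructed samples using the IANA documentation ranges 203.0.113.0/24 and 198.51.100.0/24, which are not indicators of compromise.

```python
"""Two defender-side checks against router DNS hijacking (added example)."""
import ipaddress
import re
from typing import Dict, Iterable, List

# Constructed sample: a resolv.conf as a client might receive it via DHCP.
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP from the home router
nameserver 203.0.113.53
nameserver 8.8.8.8
nameserver not-an-address
search home.lan
"""

# Resolvers this household expects to use (an assumption made for the example).
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1"}

# Ranges where a home router legitimately lives; a resolver here is the router itself.
LAN_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
]

# Constructed sample answers: A records from the configured resolver versus a
# trusted resolver (for example a DNS-over-HTTPS resolver queried directly).
SAMPLE_CONFIGURED_ANSWERS = {
    "www.example.com": ["203.0.113.10"],  # differs from the trusted answer below
    "www.example.net": ["198.51.100.20"],
}
SAMPLE_TRUSTED_ANSWERS = {
    "www.example.com": ["198.51.100.10"],
    "www.example.net": ["198.51.100.20"],
}


def parse_nameservers(resolv_conf: str) -> List[str]:
    """Return nameserver addresses in order, skipping comments and malformed entries."""
    servers = []
    for raw in resolv_conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        match = re.match(r"^nameserver\s+(\S+)$", line)
        if not match:
            continue
        try:
            servers.append(str(ipaddress.ip_address(match.group(1))))
        except ValueError:
            continue  # not an IP address; the resolver library could not use it either
    return servers


def unexpected_resolvers(servers: Iterable[str], trusted: Iterable[str]) -> List[str]:
    """Check 1: resolvers that are neither trusted nor on the local network."""
    trusted_set = set(trusted)
    flagged = []
    for server in servers:
        addr = ipaddress.ip_address(server)
        if server in trusted_set or any(addr in net for net in LAN_NETWORKS):
            continue
        flagged.append(server)
    return flagged


def compare_answers(configured: Dict[str, List[str]],
                    trusted: Dict[str, List[str]]) -> Dict[str, Dict[str, List[str]]]:
    """Check 2: names whose A records differ between the two resolvers.

    This check still works when the tampered router is itself the resolver the
    client was given: its LAN address passes check 1, but the answers it
    forwards will not match a trusted resolver's.
    """
    mismatches = {}
    for name, expected in trusted.items():
        got = configured.get(name, [])
        if set(got) != set(expected):
            mismatches[name] = {"configured": sorted(got), "trusted": sorted(expected)}
    return mismatches


def audit(resolv_conf: str, configured: Dict[str, List[str]],
          trusted: Dict[str, List[str]]) -> Dict[str, object]:
    """Run both checks; 'suspicious' is True if either one fires."""
    servers = parse_nameservers(resolv_conf)
    rogue = unexpected_resolvers(servers, TRUSTED_RESOLVERS)
    mismatches = compare_answers(configured, trusted)
    return {
        "resolvers": servers,
        "unexpected_resolvers": rogue,
        "mismatched_answers": mismatches,
        "suspicious": bool(rogue or mismatches),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_RESOLV_CONF, SAMPLE_CONFIGURED_ANSWERS,
                            SAMPLE_TRUSTED_ANSWERS).items():
        print(f"{key}: {value}")
```

On the constructed input the audit flags 203.0.113.53 as an unexpected resolver and www.example.com as a name whose answer disagrees with the trusted resolver. In practice the answer dictionaries would be filled by querying each resolver for a handful of frequently visited domains; a persistent disagreement for the same names is the signal to inspect the router's DNS and DHCP settings.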

Kaspersky Lab security solutions detect malware used by Roaming Mantis as HEUR:Trojan-Banker.AndroidOS.Wroba.e and HEUR:Trojan-Banker.AndroidOS.Wroba.al.

