Just five months after Kaspersky Lab’s first report on the DNS hijacking operation to infect Android smartphones in Asia, the attack dubbed ‘Roaming Mantis’ remains highly active, exploring new tricks and techniques to extend its reach.

 

Close monitoring by Kaspersky Lab experts found that Roaming Mantis was attempting to web-mine iOS devices used for legitimate cryptomining. The malware banked on the popular CoinHive miner, the tool it first used to infect PCs.

 

Malicious cryptocurrency mining refers to hackers infecting a cryptomining platform to mine cryptocurrency from unaware victims.

 

“In our first report, we warned that Roaming Mantis is clearly designed to attack and reach more users. True to its name, it has been extending its malicious arms rapidly since April, in terms of its location and attack and evasion methods. From infecting Android devices, it engaged in phishing activities and is now trying to mine iOS gadgets used for cryptomining. From the initial four languages in Asia, this malware is now using a further 27, covering Europe and the Middle East. We are pretty much looking at cybercriminals who show no traces of stopping anytime soon,” warns Suguru Ishimaru, security researcher at Kaspersky Lab’s Global Research and Analysis Team (GReAT) Asia Pacific.

 

Researchers also noticed that the hackers have adopted a trial-and-error approach to test which technique would get them more money faster. For instance, the attacker modified the infected landing page of the malware, alternating between an Apple phishing site and a web coin-mining page.

 

Roaming Mantis has also boosted its attack and evasion tools. The group initially hijacked DNS systems of rogue Wi-Fi routers to infect Android users in Japan, Korea, India, and Bangladesh with Trojanized applications named facebook.apk and chrome.apk.

 

The latest updates reveal that facebook.apk has been changed to sagawa.apk and has been spread via a rented SMS message spoofing delivery service. This technique was first used last year by another cybergang.

 

Kaspersky Lab also uncovered that the attacker spreads its malware via Prezi, cloud-based presentation software that allows free user accounts. Because the site is considered legitimate, this makes it harder for security products to detect phishing or malicious activities. In addition, the redirected scam content shows that Roaming Mantis uses templates, which suggests that Prezi is an established delivery system for malicious content, too.

 

Aside from the updated tools and techniques, researchers at Kaspersky Lab spotted careless mistakes committed by the hacking group as they try to dabble in additional types of attacks as fast as possible.

 

Roaming Mantis, also known as MoqHao and XLoader, was launched in four languages and in two months quickly added two dozen more, including Asian languages — Bengali, both traditional and simplified Chinese, Hindi, Indonesian, Japanese, Korean, Malay, Filipino, Thai, and Vietnamese.

 

After this update, researchers detected mix-ups in the language environment. For instance, Japanese users will get a pop-up message written in Korean.

 

The group also used HTML instead of a URL to redirect users to their malicious content, contrary to how Prezi as a delivery system really works. As a result, the tweaked landing page was not able to infect its target victims.

 

“The intense financial motivation of this group is undoubtedly fueling it to try different attack and evasion tricks to widen its reach in a short period of time. In its haste to jump on different platforms, languages, and territories, Roaming Mantis is leaving crumbs of clues that guide us in understanding and predicting its next moves. While this group seems rich in manpower, time, and resources, Kaspersky Lab researchers tracking the minutest details will continue to dig up further forensic information to keep track of their movements,” adds Ishimaru.

 

To protect your devices against Roaming Mantis attacks, Kaspersky Lab suggests users do the following:

  • Check your router’s settings
  • Change the default login and password for admin of your devices, especially when used in cryptomining
  • Use robust security solutions for all your devices
  • Do not allow “Install unknown apps”

 

 

Kaspersky Lab security solutions detect malware used by Roaming Mantis as HEUR:Trojan-Banker.AndroidOS.Wroba.e and HEUR:Trojan-Banker.AndroidOS.Wroba.al.

