Just five months after Kaspersky Lab’s first report on the DNS hijacking operation to infect Android smartphones in Asia, the attack dubbed ‘Roaming Mantis’ remains highly active, exploring new tricks and techniques to extend its reach.

 

Close monitoring by Kaspersky Lab experts revealed that Roaming Mantis was attempting to web mine iOS devices used for legitimate cryptomining. The malware banked on the popular CoinHive miner, the tool it first used to infect PCs.

 

Malicious cryptocurrency mining refers to hackers infecting a cryptomining platform to mine cryptocurrency from unaware victims.

 

“In our first report, we warned that Roaming Mantis is clearly designed to attack and reach more users. True to its name, it has been extending its malicious arms rapidly since April, in terms of its location and attack and evasion methods. From infecting Android devices, it engaged in phishing activities and is now trying to mine iOS gadgets used for cryptomining. From the initial four languages in Asia, this malware is now using a further 27, covering Europe and the Middle East. We are pretty much looking at cybercriminals who show no traces of stopping anytime soon,” warns Suguru Ishimaru, security researcher at Kaspersky Lab’s Global Research and Analysis Team (GReAT) Asia Pacific.

 

Researchers also noticed that the hackers have adopted a trial-and-error approach to test which technique would get them more money faster. For instance, the attacker modified the infected landing page of the malware, alternately using an Apple phishing site and a web coin-mining page.

 

Roaming Mantis has also boosted its attack and evasion tools. The group initially hijacked DNS systems of rogue Wi-Fi routers to infect Android users in Japan, Korea, India, and Bangladesh with Trojanized applications named facebook.apk and chrome.apk.

 

The latest updates reveal that facebook.apk has been changed to sagawa.apk and has been spread via a rented SMS message spoofing delivery service. This technique was first used last year by another cybergang.

 

Kaspersky Lab also uncovered that the attacker spreads its malware via Prezi, cloud-based presentation software that allows free user accounts. Because this site is considered legitimate, it is harder for security products to detect phishing or malicious activities hosted there. In addition, the redirected scam content shows that Roaming Mantis uses templates, which suggests that Prezi is an established delivery system for malicious content, too.

 

Aside from the updated tools and techniques, researchers at Kaspersky Lab spotted careless mistakes committed by the hacking group as they try to dabble in additional types of attacks as fast as possible.

 

Roaming Mantis, also known as MoqHao and XLoader, was launched in four languages and in two months quickly added two dozen more, including Asian languages — Bengali, both traditional and simplified Chinese, Hindi, Indonesian, Japanese, Korean, Malay, Filipino, Thai, and Vietnamese.

 

After this update, researchers detected mix-ups in the language environment. For instance, Japanese users will get a pop-up message written in Korean.

 

The group also used HTML instead of URL to redirect users to their malicious content, contrary to how Prezi as a delivery system really works. As a result, the tweaked landing page was not able to infect its target victims.

 

“The intense financial motivation of this group is undoubtedly fueling it to try different attack and evasion tricks to widen its reach in a short period of time. In its haste to jump on different platforms, languages, and territories, Roaming Mantis is leaving crumbs of clues that guide us in understanding and predicting its next moves. While this group seems rich in manpower, time, and resources, Kaspersky Lab researchers tracking the minutest details will continue to dig up further forensic information to keep track of their movements,” adds Ishimaru.

 

To protect your devices against Roaming Mantis attacks, Kaspersky Lab suggests users do the following:

  • Check your router’s settings
  • Change the default login and password for admin of your devices, especially when used in cryptomining
  • Use robust security solutions for all your devices
  • Do not allow “Install unknown apps”

 

 

Kaspersky Lab security solutions detect malware used by Roaming Mantis as HEUR: Trojan-Banker and AndroidOS.Wroba.e and HEUR: Trojan-Banker and AndroidOS.Wroba.al.

