Just five months after Kaspersky Lab’s first report on the DNS hijacking operation to infect Android smartphones in Asia, the attack dubbed ‘Roaming Mantis’ remains highly active, exploring new tricks and techniques to extend its reach.

 

Close monitoring by Kaspersky Lab experts revealed that Roaming Mantis was attempting web mining on iOS devices used for legitimate cryptomining. The malware relied on the popular CoinHive miner, the tool it first used to infect PCs.

 

Malicious cryptocurrency mining refers to hackers infecting a cryptomining platform to mine cryptocurrency from unaware victims.

 

“In our first report, we warned that Roaming Mantis is clearly designed to attack and reach more users. True to its name, it has been extending its malicious arms rapidly since April, in terms of its location and attack and evasion methods. From infecting Android devices, it engaged in phishing activities and is now trying to mine iOS gadgets used for cryptomining. From the initial four languages in Asia, this malware is now using a further 27, covering Europe and the Middle East. We are pretty much looking at cybercriminals who show no traces of stopping anytime soon,” warns Suguru Ishimaru, security researcher at Kaspersky Lab’s Global Research and Analysis Team (GReAT) Asia Pacific.

 

Researchers also noticed that the hackers have adopted a trial-and-error approach to test which technique would earn them more money faster. For instance, the attacker modified the malware's infected landing page, alternating between an Apple phishing site and a web coin-mining page.

 

Roaming Mantis has also boosted its attack and evasion tools. The group initially hijacked DNS systems of rogue Wi-Fi routers to infect Android users in Japan, Korea, India, and Bangladesh with Trojanized applications named facebook.apk and chrome.apk.

 

The latest updates reveal that facebook.apk has been changed to sagawa.apk and has been spread via a rented SMS message spoofing delivery service. This technique was first used last year by another cybergang.

 

Kaspersky Lab also uncovered that the attacker spreads its malware via Prezi, cloud-based presentation software that allows free user accounts. Because this site is considered legitimate, it is harder for security products to detect phishing or malicious activities hosted there. In addition, the redirected scam content shows that Roaming Mantis uses templates, which suggests that Prezi is an established delivery system for malicious content, too.

 

Aside from the updated tools and techniques, researchers at Kaspersky Lab spotted careless mistakes committed by the hacking group as they try to dabble in additional types of attacks as fast as possible.

 

Roaming Mantis, also known as MoqHao and XLoader, was launched in four languages and in two months quickly added two dozen more, including Asian languages — Bengali, both traditional and simplified Chinese, Hindi, Indonesian, Japanese, Korean, Malay, Filipino, Thai, and Vietnamese.

 

After this update, researchers detected mix-ups in the language environment. For instance, Japanese users will get a pop-up message written in Korean.

 

The group also used HTML instead of a URL to redirect users to their malicious content, contrary to how Prezi as a delivery system really works. As a result, the tweaked landing page was not able to infect its target victims.

 

“The intense financial motivation of this group is undoubtedly fueling it to try different attack and evasion tricks to widen its reach in a short period of time. In its haste to jump on different platforms, languages, and territories, Roaming Mantis is leaving crumbs of clues that guide us in understanding and predicting its next moves. While this group seems rich in manpower, time, and resources, Kaspersky Lab researchers tracking the minutest details will continue to dig up further forensic information to keep track of their movements,” adds Ishimaru.

 

To protect your devices against Roaming Mantis attacks, Kaspersky Lab suggests users do the following:

  • Check your router’s settings
  • Change the default login and password for admin of your devices, especially when used in cryptomining
  • Use robust security solutions for all your devices
  • Do not allow “Install unknown apps”

 

 

Kaspersky Lab security solutions detect malware used by Roaming Mantis as HEUR:Trojan-Banker.AndroidOS.Wroba.e and HEUR:Trojan-Banker.AndroidOS.Wroba.al.

