Dubbed Roaming Mantis, the malware was initially institute hijacking Internet routers concluding calendar month to distribute Android banking malware designed to pocket users' login credentials in addition to the surreptitious code for two-factor authentication.
According to safety researchers at Kaspersky Labs, the criminal grouping behind the Roaming Mantis drive has broadened their targets yesteryear adding phishing attacks for iOS devices, in addition to cryptocurrency mining script for PC users.
Moreover, piece the initial attacks were designed to target users from South East Asia–including South Korea, PRC Bangladesh, in addition to Japan–the novel drive at nowadays back upwards 27 languages to expand its operations to infect people across Europe in addition to the Middle East.
How the Roaming Mantis Malware Works
Similar to the previous version, the novel Roaming Mantis malware is distributed via DNS hijacking, wherein attackers modify the DNS settings of the wireless routers to redirect traffic to malicious websites controlled yesteryear them.
So, whenever users sweat to access whatsoever website via a compromised router, they are redirected to rogue websites, which serves:
- fake apps infected amongst banking malware to Android users,
- phishing sites to iOS users,
- Sites amongst cryptocurrency mining script to desktop users
"After the [Android] user is redirected to the malicious site, they are prompted to update the browser [app]. That leads to the download of a malicious app named chrome.apk (there was around other version equally well, named facebook.apk)," researchers say.To evade detection, faux websites generate novel packages inwards existent fourth dimension amongst unique malicious apk files for download, in addition to too laid filename equally 8 random numbers.
Once installed, the attackers tin command infected Android devices using xix built-in backdoor commands, including–sendSms, setWifi, gcont, lock, onRecordAction, call, get_apps, ping in addition to more.
If the victims ain an iOS device, the malware redirects users to a phishing site that mimics the Apple website, claiming to locomote 'security.app.com,' in addition to asks them to instruct inwards their user ID, password, bill of fare number, bill of fare expiration engagement in addition to CVV number.
Keeping inwards hear these novel capabilities in addition to the rapid increment of the campaign, researchers believe that "those behind it bring a rigid fiscal motivation in addition to are in all likelihood well-funded."
Here's How to Protect Yourself from Roaming Mantis
In social club to protect yourself from such malware, you lot are advised to ensure your router is running the latest version of the firmware in addition to protected amongst a rigid password.
Since the hacking drive is using attacker-controlled DNS servers to spoof legitimate domains in addition to redirect users to malicious download files, you lot are advised to brand certain the sites you lot are visiting has HTTPS enabled.
You should too disable your router's remote management characteristic in addition to hardcode a trusted DNS server into the operating organisation network settings.
Android device users are ever advised to install apps from official stores, in addition to disable the installation of apps from unknown sources on their smartphone yesteryear heading on to Settings → Security → Unknown sources.
To banking concern check if your Wi-Fi router is already compromised, review your DNS settings in addition to banking concern check the DNS server address. If it does non agree the i issued yesteryear your provider, modify it dorsum to the correct one. Also modify all your concern human relationship passwords immediately.
