Roaming Mantis Android malware extends target from Asia to rest of world
Another Android malware extends its target to the masses.
In April, Kaspersky Lab researchers reported on a new Android malware distributed through a domain name system (DNS) hijacking technique and targeting mainly smartphones in Asia. Four weeks on, the threat continues to evolve rapidly and has now extended its target geography to include Europe and the Middle East, adding a phishing option for iOS devices and PC crypto-mining capability.
The campaign, dubbed Roaming Mantis, is designed mainly to steal user information, including credentials, and to give the attackers full control over the compromised device. The researchers believe a Korean- or Chinese-speaking cybercriminal group seeking financial gain is behind the operation.
Method of attack
Kaspersky Lab's findings indicate that the attackers behind Roaming Mantis seek out vulnerable routers and distribute the malware through a simple yet very effective trick: hijacking the DNS settings of the compromised routers. How the routers themselves are compromised remains unknown. Once the router hands out attacker-controlled DNS resolvers, any website a user tries to open resolves to the attackers' server, so the browser shows a genuine-looking address while the content is forged.
The forged page displays the message: "To better experience the browsing, update to the latest chrome version." Clicking the link starts the installation of a Trojanized application named either 'facebook.apk' or 'chrome.apk', which contains the attackers' Android backdoor.
The Roaming Mantis malware checks whether the device is rooted and requests permission to be notified of any communications or browsing activity undertaken by the user. It is also capable of collecting a wide range of data, including credentials used for two-factor authentication.
Expanded target geography and features
Kaspersky Lab's initial research uncovered around 150 targets, mainly in South Korea, Bangladesh, and Japan, but it also revealed thousands of connections hitting the attackers' command & control (C2) servers on a daily basis, pointing to a far larger scale of attack. The malware included support for four languages: Korean, simplified Chinese, Japanese, and English.
The attack range has now been extended, supporting 27 languages in all, including Polish, German, Hindi, Arabic, Bulgarian and Russian. The attackers have also introduced a redirection to Apple-themed phishing pages if the malware encounters an iOS device. The latest addition to the arsenal is a malicious website with PC crypto-mining capability. Kaspersky Lab's observations suggest that at least one wave of wider attacks has taken place, with researchers noting over 100 targets among Kaspersky Lab customers within a few days.
To protect your router and the devices behind it from this infection, Kaspersky Lab recommends the following:
- Refer to your router's user manual to verify that its DNS settings have not been tampered with, or contact your ISP for support.
- Change the default login and password for the router's admin web interface, and regularly update the router's firmware from the official source.
- Never install router firmware from third-party sources, and avoid third-party app repositories on Android devices.
- Always check browser and website addresses to ensure they are legitimate, and look for https before entering data. Because a DNS hijacker cannot obtain a valid certificate for the real hostname, a certificate warning, or a site that normally uses https suddenly loading without it, is a strong sign of redirection.
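The two checks above (the DNS-settings inspection recommended first, and the redirection described under "Method of attack") can be turned into a small script. The following Python is an added example and is not code from Kaspersky Lab or from the Roaming Mantis analysis; the resolver file, the trusted-resolver set, the addresses 203.0.113.77 and 203.0.113.9 and the A-record answers are all constructed for illustration. The first function flags resolvers a tampered router may have pushed via DHCP; the second compares answers from the configured resolver with answers from a resolver reached directly, which is how a hijack that serves forged content under a legitimate hostname shows up.

```python
"""Indicators of router DNS hijacking: rogue resolvers and divergent A records."""
import ipaddress
import re

# Constructed sample of a resolver configuration (the /etc/resolv.conf format);
# 192.168.1.1 is the router's own LAN address, 203.0.113.77 is an assumed
# attacker-controlled resolver handed out by a tampered router.
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP from the home router
nameserver 192.168.1.1
nameserver 203.0.113.77
search home.lan
"""

# Resolvers the operator expects to see (an assumption for this example).
TRUSTED_RESOLVERS = {"192.168.1.1", "1.1.1.1", "8.8.8.8", "9.9.9.9"}


def parse_nameservers(resolv_conf: str) -> list:
    """Return nameserver addresses in file order, ignoring comments and other keys."""
    servers = []
    for raw in resolv_conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        match = re.match(r"nameserver\s+(\S+)$", line)
        if match:
            servers.append(match.group(1))
    return servers


def rogue_resolvers(resolv_conf: str, trusted=TRUSTED_RESOLVERS) -> list:
    """Configured resolvers that are malformed or absent from the trusted set."""
    flagged = []
    for server in parse_nameservers(resolv_conf):
        try:
            ipaddress.ip_address(server)
        except ValueError:
            flagged.append(server)  # not even a valid IP address
            continue
        if server not in trusted:
            flagged.append(server)
    return flagged


# Constructed A-record answers, in the shape `dig +short @<resolver> <name> A`
# prints them: one set from the resolver the router handed out, one from a
# resolver queried directly. 203.0.113.9 stands in for the attackers' web server.
CONFIGURED_ANSWERS = {
    "www.example.com": {"93.184.216.34"},
    "login.example.net": {"203.0.113.9"},
}
TRUSTED_ANSWERS = {
    "www.example.com": {"93.184.216.34"},
    "login.example.net": {"198.51.100.23"},
}


def hijacked_names(configured: dict, trusted: dict) -> list:
    """Names whose configured-resolver answers share no address with the trusted ones.

    Caveat: CDN-backed names legitimately answer differently per resolver, so an
    empty intersection is a lead to verify by hand, not proof of hijacking.
    """
    suspicious = []
    for name in sorted(configured):
        if name in trusted and not (configured[name] & trusted[name]):
            suspicious.append(name)
    return suspicious


if __name__ == "__main__":
    print("rogue resolvers:", rogue_resolvers(SAMPLE_RESOLV_CONF))
    print("names answered differently:",
          hijacked_names(CONFIGURED_ANSWERS, TRUSTED_ANSWERS))
```

On a real machine, feed `rogue_resolvers` the contents of /etc/resolv.conf (or the DNS fields from the router's status page) and build the two answer dictionaries from `dig +short` against the configured resolver and against a public one; a name that resolves to an address owned by neither the site nor a known CDN is the point at which to inspect the router's DNS settings.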