Friday, May 18, 2018
Roaming Mantis Malware Infects Smartphones Through Wi-Fi Routers


Kaspersky Lab's experts claim that a malware dubbed 'Roaming Mantis' uses compromised routers to infect Android-based smartphones and tablets, redirect iOS devices to a phishing site, and run a cryptomining script on desktops and laptops.

The malware was discovered last month and was initially considered to be a local threat, since it was attacking users from Japan, Korea, China, India, and Bangladesh. However, Roaming Mantis has since then learned to speak another two dozen languages and is rapidly spreading around the world.

The creators of Roaming Mantis have chosen a simple form of DNS hijacking: they hijack the settings of compromised routers forcing them to use their own rogue DNS servers. That means that whatever is typed in the browser address bar of a device connected to this router, the user is redirected to a malicious site. After the user is redirected to the malicious site, they are prompted to update the browser. This leads to the download of a malicious app named chrome.apk (there was another version as well, named facebook.apk).
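A defender can check a network for the router-level DNS hijacking described above. The following is an added example, not code from Kaspersky or from the original article: it flags router-assigned resolvers that are not on an allowlist and answers where unrelated sites all resolve to one address. The resolver allowlist, the probe domains and every IP address are constructed values from documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Assumption: the resolvers the network owner configured (documentation-range values).
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

def unexpected_resolvers(assigned):
    """Resolvers handed out by the router that are not on the allowlist."""
    return sorted(set(assigned) - EXPECTED_RESOLVERS, key=ipaddress.ip_address)

def collapsed_answers(answers, min_sites=3):
    """Map each IP to the unrelated sites that all resolved to it.

    answers: {domain: set of A records returned by the resolver under test}.
    Pick probe domains known to sit on different infrastructure, because
    shared hosting and CDNs can legitimately put unrelated sites on one IP.
    """
    by_ip = defaultdict(set)
    for domain, ips in answers.items():
        # Approximate the site as the last two labels so www/mail count once.
        site = ".".join(domain.lower().rstrip(".").split(".")[-2:])
        for ip in ips:
            by_ip[ip].add(site)
    return {ip: sorted(s) for ip, s in by_ip.items() if len(s) >= min_sites}

def assess(assigned, answers):
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = [f"unexpected resolver {r}" for r in unexpected_resolvers(assigned)]
    for ip, sites in collapsed_answers(answers).items():
        findings.append(f"{len(sites)} unrelated sites resolve to {ip}: {', '.join(sites)}")
    return findings

# Constructed samples: answers collected through the router-assigned resolver.
HEALTHY = {
    "www.example.com": {"198.51.100.10"},
    "mail.example.com": {"198.51.100.11"},
    "www.example.net": {"198.51.100.20"},
    "www.example.org": {"198.51.100.30"},
}
HIJACKED = {name: {"203.0.113.66"} for name in HEALTHY}

if __name__ == "__main__":
    print(assess(["192.0.2.53"], HEALTHY))
    print(assess(["203.0.113.10"], HIJACKED))
```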

The malware requests a whole host of permissions during the installation process, including rights to access account information, send/receive SMS, process voice calls, record audio, access files, display its own window on top of others, and so on. For a trusted application like Google Chrome, such a list doesn't seem too suspicious - if the user considers this 'browser update' legit, they are sure to grant permissions without even reading the list.

After the application is installed, the malware uses the right to access the list of accounts to find out which Google account is used on the device. Next, the user is shown a message (it appears on top of all other open windows, since the malware also requested permission for that) saying that something is wrong with their account and that they need to sign in again. A page then opens prompting the user to enter their name and date of birth.

It appears that this data, together with the SMS permissions that grant access to the one-time codes needed for two-factor authentication, is then used by the creators of Roaming Mantis to steal Google accounts.
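The permission combination described above can be screened for before an app is allowed onto managed devices. The following is an added example, not code from Kaspersky or from the original article: it reads an already decoded AndroidManifest.xml and reports whether it requests account access, SMS and overlay together. The mapping from the article's capability list to Android permission names is an assumption, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping from the capabilities the article lists to Android permissions.
GROUPS = {
    "accounts": {P + "GET_ACCOUNTS"},
    "sms": {P + "SEND_SMS", P + "RECEIVE_SMS", P + "READ_SMS"},
    "calls": {P + "CALL_PHONE", P + "PROCESS_OUTGOING_CALLS"},
    "audio": {P + "RECORD_AUDIO"},
    "files": {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE"},
    "overlay": {P + "SYSTEM_ALERT_WINDOW"},
}
# Account list + SMS (one-time codes) + overlay (fake sign-in prompt).
TAKEOVER_COMBO = {"accounts", "sms", "overlay"}

def triage(manifest_xml):
    """Summarise which capability groups a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    groups = {g for g, perms in GROUPS.items() if perms & names}
    return {"groups": sorted(groups), "takeover_combo": TAKEOVER_COMBO <= groups}

def manifest(package, perms):
    """Build a constructed sample manifest for the demo below."""
    rows = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{rows}</manifest>')

# Constructed samples, not taken from any real APK.
FAKE_UPDATE = manifest("com.example.fakeupdate", [
    "INTERNET", "GET_ACCOUNTS", "READ_SMS", "RECEIVE_SMS", "SEND_SMS",
    "CALL_PHONE", "RECORD_AUDIO", "READ_EXTERNAL_STORAGE", "SYSTEM_ALERT_WINDOW"])
PLAIN_BROWSER = manifest("com.example.browser", [
    "INTERNET", "ACCESS_NETWORK_STATE", "WRITE_EXTERNAL_STORAGE"])

if __name__ == "__main__":
    for sample in (FAKE_UPDATE, PLAIN_BROWSER):
        print(triage(sample))
```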

Roaming Mantis: world tour, iOS debut, and mining

In the beginning, Roaming Mantis displayed messages in four languages: English, Korean, Chinese, and Japanese. But somewhere along the line its creators decided to expand and teach their polyglot malware another two dozen languages:

Arabic
Armenian
Bulgarian
Bengali
Czech
Georgian
German
Hebrew
Hindi
Indonesian
Italian
Malay
Polish
Portuguese
Russian
Serbo-Croat
Spanish
Tagalog
Thai
Turkish
Ukrainian
Vietnamese

While they were at it, the creators also improved Roaming Mantis, teaching it to attack devices running iOS.

According to Kaspersky, the cybercriminals do not confine themselves to stealing only Apple ID credentials; immediately after the user enters this data, they are asked for a bank card number.

On desktop computers and laptops, Roaming Mantis runs the CoinHive mining script, which mines cryptocurrency straight into the pockets of the malware makers. The victim's computer processor is loaded to the max, forcing the system to slow down and consume vast amounts of power.

Security experts advise users to install antivirus software on all devices and to regularly update all installed software. On Android devices, users should disable installation of applications from unknown sources.
