Multilingual malware hits Android devices for phishing & cryptomining

May 21st, 2018 | Waqas | Security, Malware

Roaming Mantis malware also targets iOS devices for phishing attacks.

‘Roaming Mantis uses DNS hijacking to infect Android smartphones’ was the title of a blog post from Kaspersky Lab published in April 2018 that provided details about the notorious Roaming Mantis malware, which performs targeted operations to hijack Android devices. The malware is believed to be evolving rapidly and aims to capture sensitive user data by infecting the Android device.

“Their landing pages and malicious apk files now support 27 languages covering Europe and the Middle East. In addition, the criminals added a phishing option for iOS devices, and crypto-mining capabilities for the PC,” read Kaspersky Lab’s blog post.

In fact, it is capable of performing an array of diverse functionalities including cryptocurrency mining and iOS device phishing apart from targeting Android devices for stealing information. As per Kaspersky Lab’s researcher Suguru Ishimaru, the previous campaign involving Roaming Mantis was also analyzed by Kaspersky Lab and the findings were detailed in its blog post “The Roaming Mantis campaign evolved significantly in a short period of time.”

The attacks have been expanded to around 27 different languages including English, Hindi, Russian, Chinese, and Hebrew. Originally the malware was distributed in five languages but now the range has been expanded using an automatic translator. The full list of languages can be accessed here.

The New Multilingual Android Malware Targeting Devices for Phishing and Cryptomining.

Image credit: Kaspersky

Developed to be distributed through DNS hijacking, the malware is currently most active in Asian regions including Bangladesh, India, Japan and South Korea, according to Kaspersky Lab’s telemetry data analysis. However, there are also reports of the malware targeting devices in the Middle East and Europe.

Roaming Mantis, also known as MoqHao and XLoader, redirects victims to a malicious web page through DNS hijacking while the page is distributed through a fake and infected Facebook or Chrome application (titled ‘facebook.apk’ or ‘chrome.apk’). The application, which contains an Android Trojan-Banker, has to be installed manually by the victim. However, researchers noted that the comments are posted in Simplified Chinese.

To hijack iOS devices, a fake page mimicking the official Apple website is distributed that claims to be ‘security.app.com’. The page requires the victim to provide user ID, passwords, CVV, card expiration and card number. This site’s HTML source supports nearly 25 languages, with only Bengali and Georgian left out.

Roaming Mantis is also capable of stealing private and sensitive data from Apple and Android mobile phones while cryptocurrency mining is performed by the inclusion of a special script in the malware’s HTML source code, which gets executed whenever the browser is opened.

Additionally, a Coinhive JavaScript miner is executed to exploit the device’s CPU to mine Monero cryptocurrency. In comparison to other attacks, Roaming Mantis’ cryptocurrency mining is quite subtle. This means a majority of users may not even notice that their device’s resources are being used for mining.
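A defender-side check for the in-page miner described above, added here as an example and not taken from the original article or from Kaspersky Lab: it scans saved page HTML for the Coinhive loader script and miner constructor. The sample pages, host name and site key are constructed; the marker names (`coinhive.min.js`, `CoinHive.Anonymous`) are Coinhive's published ones, not values taken from this campaign.

```javascript
'use strict';
// Added example: flag Coinhive-style miner markers in saved page HTML.

const LOADER_RE = /coinhive(?:\.min)?\.js(?:[?#]|$)/i;            // loader file name in a script URL
const CTOR_RE = /\bCoinHive\s*\.\s*(Anonymous|User|Token)\s*\(/;  // miner constructors
const SCRIPT_RE = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;   // every <script> element
const SRC_RE = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;  // quoted or bare src value

function scanHtml(html) {
  const findings = [];
  for (const [, attrs, body] of html.matchAll(SCRIPT_RE)) {
    // External script: does its URL end in the miner's loader file name?
    const src = SRC_RE.exec(attrs);
    const url = src ? (src[1] ?? src[2] ?? src[3]) : null;
    if (url && LOADER_RE.test(url)) {
      findings.push({ type: 'loader', detail: url });
    }
    // Inline script: does it construct a miner object, and does it start it?
    const ctor = CTOR_RE.exec(body);
    if (ctor) {
      findings.push({
        type: 'constructor',
        detail: `CoinHive.${ctor[1]}`,
        starts: /\.start\s*\(/.test(body),
      });
    }
  }
  const hasLoader = findings.some((f) => f.type === 'loader');
  const hasCtor = findings.some((f) => f.type === 'constructor');
  // Both markers together mean a working miner; one alone needs a manual look.
  const verdict = hasLoader && hasCtor ? 'miner' : hasLoader || hasCtor ? 'suspicious' : 'clean';
  return { verdict, findings };
}

// Constructed sample pages (not captured from the campaign).
const SAMPLE_LANDING = `<html><body>
<script src="https://miner.example/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('CONSTRUCTED-SITE-KEY');
  miner.start();
</script></body></html>`;
const SAMPLE_LOADER_ONLY = `<script src='/js/coinhive.js?v=2'></script>`;
const SAMPLE_BENIGN = `<html><body><script src="/static/app.js"></script>
<script>console.log("coinhive is mentioned in text only");</script></body></html>`;

console.log(scanHtml(SAMPLE_LANDING));
```

A page that only mentions the word in text, as in `SAMPLE_BENIGN`, is not flagged because the check looks at script URLs and constructor calls rather than the bare string.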


“Coinhive is the most popular web miner used by cybercriminals around the world. When a user connects to the landing page from a PC, the CPU usage will drastically increase because of the crypto mining activity in the browser,” explained Kaspersky Lab researchers.

So far, about 150 successful attacks have been observed but according to Kaspersky Lab, it more or less represents just a “tiny fraction of the overall picture,” since when DNS hijacking is involved, it becomes quite difficult to identify targets.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
