Si Cyber Intel: Malicious Banking Trojan, Roaming Mantis, Is Back
May 2018

This week has seen critical threat levels for the banking Trojan known as ‘Roaming Mantis’.

It’s not the first time we’ve heard of this malware: last month it was found hijacking Internet routers in order to distribute Android banking malware designed to steal users’ login credentials and their secret authentication codes.

According to security researchers at Kaspersky Lab, the DNS-hijacking malware is now back on the scene and has morphed into a hybrid with new capabilities, including phishing attacks against iOS devices and a cryptocurrency mining script for desktop users.

To begin with, Roaming Mantis only targeted users of South Korean, Chinese and Japanese mobile banking apps via their Android phones, but its distribution has now widened to include HTML pages in 27 languages across Europe and the Middle East.

How the Roaming Mantis malware works

The malware works by hijacking the DNS settings of a wireless router to redirect all traffic to a website controlled by the attacker. Once the router is compromised, the user is automatically redirected to a malicious website which poses as a popular website. What happens next depends on the victim’s device:

  • iOS users – the malware redirects users to phishing sites that pose as the Apple website and encourage victims to enter their user ID, password and banking card details
  • Android users are greeted by a host of apps which look real but are actually loaded with the banking malware. From there, users are prompted to update their Chrome browser app, which then leads to the delivery of Roaming Mantis to their device. Once the device is infected, the malware (appearing as their Chrome app) will ask for access to their messages, call functions, external storage and more
  • PC users are taken to sites infected with cryptocurrency mining scripts. The malware will prompt the user to certify their device to continue browsing; Roaming Mantis then presents a browser page made to look like a Google screen and requests the user’s name and date of birth. That data, along with other information stolen from the device, is used to compromise the victim’s account.
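A defender can check for the router-level redirection described above by comparing what the router-assigned resolver returns with answers from a trusted resolver. The following is an added example, not code from Si or Kaspersky; the function name is hypothetical, and the domain names and addresses are constructed sample data.

```python
from collections import defaultdict

def find_hijack_signs(local, reference, min_domains=3):
    """Compare answers from the router-assigned resolver with a trusted one.

    local, reference: dict mapping domain -> set of IP strings.
    Returns (mismatched, converged):
      mismatched: domains whose local answers share no IP with the reference
      converged:  IPs that min_domains or more mismatched domains resolve to
    """
    mismatched = {}
    by_ip = defaultdict(set)
    for domain, local_ips in local.items():
        ref_ips = reference.get(domain, set())
        if not local_ips or not ref_ips:
            continue  # nothing to compare for this domain
        if local_ips.isdisjoint(ref_ips):
            mismatched[domain] = set(local_ips)
            for ip in local_ips:
                by_ip[ip].add(domain)
    # A CDN can cause one-off mismatches; unrelated sites all landing on
    # one address is what blanket redirection by a rogue resolver looks like.
    converged = {ip: sorted(names) for ip, names in by_ip.items()
                 if len(names) >= min_domains}
    return mismatched, converged

# Constructed sample data (documentation address ranges, reserved names).
REFERENCE = {
    "bank.example": {"192.0.2.10"},
    "mail.example": {"192.0.2.20"},
    "shop.example": {"192.0.2.30", "192.0.2.31"},
    "cdn.example": {"198.51.100.5"},
    "news.example": {"198.51.100.9"},
}
LOCAL = {
    "bank.example": {"203.0.113.66"},
    "mail.example": {"203.0.113.66"},
    "shop.example": {"203.0.113.66"},
    "cdn.example": {"198.51.100.7"},   # different CDN edge, benign
    "news.example": {"198.51.100.9"},  # matches the reference
}

if __name__ == "__main__":
    mismatched, converged = find_hijack_signs(LOCAL, REFERENCE)
    print("mismatched:", sorted(mismatched))
    for ip, names in converged.items():
        print(f"possible DNS hijack: {names} all resolve to {ip}")
```

In practice the two input maps would be filled by querying the same list of domains through the router-assigned resolver and through a resolver you trust.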

How to protect yourself:

  • Make sure internet routers at home and in the office are updated with recent patches and security updates
  • Verify that websites you are redirected to have HTTPS enabled and are encrypted with trusted certificates
  • Avoid installing mobile applications from unknown sources. By default, Google prevents users from installing apps from sources other than the Play Store. We recommend that you leave the installation of apps from unknown sources disabled
  • Avoid opening links received by SMS messages, WhatsApp or other applications from unknown sources
  • Avoid downloading third-party applications or responding to suspicious messages

For information about Si Cyber’s malware detection and response capabilities, please contact sales@siconsult.com

 
