Kaspersky Lab Detects New Android Virus Targeting Smartphones in Asia

Kaspersky Lab researchers have detected a new Android virus in Asia that is distributed through Domain Name System (DNS) hijacking and targets smartphones. Between February and April 2018, the researchers spotted the malware in almost 150 user networks, mostly in South Korea, Bangladesh, and Japan, but there are possibly many more victims.

The campaign, named Roaming Mantis, remains highly active and is designed to steal user information, including credentials, and to give the attackers full control over the affected Android devices. Researchers think that the cybercriminal group behind the operation is looking for financial profit.

Kaspersky Lab's detections indicate that the attackers behind the malware look for vulnerable routers to compromise, then distribute the malware through a simple but very effective trick: hijacking the DNS settings of the infected routers. How the routers are compromised is still unknown.

Vitaly Kamluk, Director of the Global Research Analysis Team (GReAT) in APAC, said that the story was recently published in Japanese media. They did a little research after that and found that the threat does not reside there. Moreover, they found some clues that the attacker behind the threat speaks either Chinese or Korean. The majority of the victims are not located in Japan either. Roaming Mantis, which mainly focuses on Korea or Japan, has caused a bit of collateral damage.

Once the DNS is successfully hijacked, any attempt by users to access any website leads them to fake content coming from the attacker's server. A request appears saying that, for a better browsing experience, users need to update to the new version of Chrome.

Clicking on the link starts the installation of a trojanized application named either facebook.apk or chrome.apk, which contains the attackers' Android backdoor. It is responsible for collecting data, including credentials for two-factor authentication.

Researchers found that some of the malware code includes references to the IDs of mobile banking and game applications popular in South Korea. While Kaspersky Lab's research data revealed around 150 targets, further scrutiny also detected 1000 connections hitting the attackers' command and control (C2) servers on a daily basis, which points to a far larger scale of attack.

Taken together, this suggests that the campaign was probably carried out for financial purposes. The design of Roaming Mantis's malware also indicates that it is intended to spread all over Asia.

In addition, it supports four languages: Korean, Japanese, Simplified Chinese, and English. Moreover, the profit gained suggests that the attackers behind this attack are more or less familiar with Korean and Simplified Chinese. Kaspersky products detect the threat as Trojan-Banker.AndroidOS.Wroba.

Suguru Ishimaru, Security Researcher at Kaspersky Lab Japan, said that Roaming Mantis is an active and very fast-changing threat. Because of this, they are publishing their research now rather than waiting for the answers. There appears to be some motivation behind the attacks, and we should spread awareness so that people and organizations can better recognize the threat. The use of infected routers and hijacked DNS shows the need for strong device protection and the use of secure connections.
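
The router DNS hijack described above sends every site a user visits to the attacker's server, so a defender can look for unrelated domains that all resolve to one address a trusted resolver never returns. The following is an added example, not code from Kaspersky Lab or from the original article; the function name, the threshold, and all domains and addresses (documentation ranges) are constructed for illustration.

```python
from collections import defaultdict


def hijack_indicators(router_answers, trusted_answers, min_domains=3):
    """Return {ip: [domains]} for addresses that the router-assigned resolver
    hands out for several unrelated domains while a trusted resolver returns
    them for none of those domains.

    Both arguments map a domain name to the set of A-record addresses seen.
    A single mismatch is ignored because CDNs legitimately vary their answers;
    many names collapsing onto one unknown address is the hijack pattern.
    """
    domains_by_ip = defaultdict(set)
    for domain, ips in router_answers.items():
        trusted = trusted_answers.get(domain)
        if trusted is None:
            continue  # no baseline for this name, so it cannot be judged
        for ip in ips - trusted:
            domains_by_ip[ip].add(domain)
    return {ip: sorted(names) for ip, names in domains_by_ip.items()
            if len(names) >= min_domains}


# Constructed sample data: answers from a trusted resolver reached over a
# secure channel, and answers collected behind two home routers.
TRUSTED = {
    "example.com": {"192.0.2.10"},
    "example.org": {"192.0.2.20"},
    "example.net": {"192.0.2.30", "192.0.2.31"},
    "example.edu": {"192.0.2.40"},
}
HIJACKED_ROUTER = {name: {"203.0.113.66"} for name in TRUSTED}
CLEAN_ROUTER = {
    "example.com": {"198.51.100.7"},   # one-off CDN variation, not flagged
    "example.org": {"192.0.2.20"},
    "example.net": {"192.0.2.31"},
    "example.edu": {"192.0.2.40"},
}

if __name__ == "__main__":
    print("hijacked:", hijack_indicators(HIJACKED_ROUTER, TRUSTED))
    print("clean:   ", hijack_indicators(CLEAN_ROUTER, TRUSTED))
```
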
