MoqHao Android Malware Evolves with Auto-Execution Capability

Threat hunters have identified a new variant of Android malware called MoqHao that automatically executes on infected devices without requiring any user interaction. "Typical MoqHao requires users to install and launch the app to get their desired purpose, but this new variant requires no...

IT threat evolution Q1 2023

IT threat evolution in Q1 2023 IT threat evolution in Q1 2023. Non-mobile statistics IT threat evolution in Q1 2023. Mobile statistics Targeted attacks BlueNoroff introduces new methods bypassing MotW At the close of 2022, we reported the recent activities of BlueNoroff, a financially motivated...

Roaming Mantis Malware Returns with DNS Changer Capability

By Deeba Ahmed Roaming Mantis malware was last seen in April 2018 targeting iOS and Android devices with cryptocurrency mining malware but this time, it has new DNS changer capabilities. This is a post from HackRead.com Read the original post: Roaming Mantis Malware Returns with DNS Changer...

Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers' DNS Settings

Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System DNS hijacking. Kaspersky, which carried out an analysis of the malicious...

Roaming Mantis implements new DNS changer in its malicious mobile app in 2022

Roaming Mantis a.k.a Shaoye is well-known as a long-term cyberattack campaign that uses malicious Android package APK files to control infected Android devices and steal device information; it also uses phishing pages to steal user credentials, with a strong financial motivation. Kaspersky has be...

Roaming Mantis Financial Hackers Targeting Android and iPhone Users in France

The mobile threat campaign tracked as Roaming Mantis has been linked to a new wave of compromises directed against French mobile phone users, months after it expanded its targeting to include European countries. No fewer than 70,000 Android devices are said to have been infected as part of the...

Roaming Mantis Expands Android Backdoor to Europe

The Roaming Mantis Android malware campaign has buzzed into Europe, quickly infesting France in particular, where there have been 66,789 downloads of the group’s specific remote access trojan RAT as of January. The campaign pushes the Android RAT known as Wroba aka Moqhao or XLoader onto victim...

Roaming Mantis reaches Europe

Roaming Mantis is a malicious campaign that targets Android devices and spreads mobile malware via smishing. We have been tracking Roaming Mantis since 2018, and published five blog posts about this campaign: Roaming Mantis uses DNS hijacking to infect Android smartphones Roaming Mantis dabbles i...

FakeSpy Android Malware Spread Via ‘Postal-Service’ Apps

Android mobile device users are being targeted in a new SMS phishing campaign that’s spreading the FakeSpy infostealer. The malware, which is disguised as legitimate global postal-service apps, steals SMS messages, financial data and more from the victims’ devices. The campaign was first discover...

IT threat evolution Q1 2020

Targeted attacks and malware campaigns Operation AppleJeus: the sequel In 2018, we published a report on Operation AppleJeus, one of the more notable campaigns of the threat actor Lazarus, currently one of the most active and prolific APT groups. One notable feature of this campaign was that it...

Roaming Mantis, part V

Kaspersky has continued to track the Roaming Mantis campaign. The group's attack methods have improved and new targets continuously added in order to steal more funds. The attackers' focus has also shifted to techniques that avoid tracking and research: whitelist for distribution, analysis...

IT threat evolution Q2 2019

Targeted attacks and malware campaigns More about ShadowHammer In March, we published the results of our investigation into a sophisticated supply-chain attack involving the ASUS Live Update Utility, used to deliver BIOS, UEFI and software updates to ASUS laptops and desktops. The attackers added...

Roaming Mantis, part III

In Q2 2018, Kaspersky Lab published two blogposts about Roaming Mantis sharing details of this new cybercriminal campaign. In the beginning, the criminals used DNS hijacking in vulnerable routers to spread malicious Android applications of Roaming Mantis aka MoqHao and XLoader, spoofing legitimat...

Roaming Mantis Swarms Globally, Spawning iOS Phishing, Cryptomining

The Roaming Mantis mobile banking trojan is roaming further afield than it ever has before. Recent analysis shows that the malware has rapidly evolved just in the past month. It’s now targeting Europe and the Middle East in addition to Asian countries. According to researchers, it’s following the...

DNS-Hijacking Malware Targeting iOS, Android and Desktop Users Worldwide

Widespread routers' DNS hijacking malware that recently found targeting Android devices has now been upgraded its capabilities to target iOS devices as well as desktop users. Dubbed Roaming Mantis, the malware was initially found hijacking Internet routers last month to distribute Android banking...

Roaming Mantis dabbles in mining and phishing multilingually

In April 2018, Kaspersky Lab published a blogpost titled 'Roaming Mantis uses DNS hijacking to infect Android smartphones'. Roaming Mantis uses Android malware which is designed to spread via DNS hijacking and targets Android devices. This activity is located mostly in Asia South Korea, Banglades...

Cybercriminals Hijack Router DNS to Distribute Android Banking Trojan

Security researchers have been warning about an ongoing malware campaign hijacking Internet routers to distribute Android banking malware that steals users' sensitive information, login credentials and the secret code for two-factor authentication. In order to trick victims into installing the...

Roaming Mantis uses DNS hijacking to infect Android smartphones

In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. According to ou...