#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Roaming Mantis | Breaking Cybersecurity News | The Hacker News

Category — Roaming Mantis
Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers' DNS Settings

Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers' DNS Settings

Jan 20, 2023 Network Security / Mobile Hacking
Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System ( DNS ) hijacking. Kaspersky, which carried out an  analysis  of the malicious artifact, said the feature is designed to target specific Wi-Fi routers located in South Korea. Roaming Mantis, also known as Shaoye, is a long-running financially motivated operation that singles out Android smartphone users with malware capable of stealing bank account credentials as well as harvesting other kinds of sensitive information. Although primarily  targeting the Asian region  since 2018, the hacking crew was detected  expanding  its  victim range  to include France and Germany for the first time in early 2022 by camouflaging the malware as the Google Chrome web browser application. The attacks leverage smishing messages as the initial intrusion vector of choice to deliver
'Roaming Mantis' Android Malware Targeting Europeans via Smishing Campaigns

'Roaming Mantis' Android Malware Targeting Europeans via Smishing Campaigns

Feb 08, 2022
A financially motivated campaign that targets Android devices and spreads mobile malware via SMS phishing techniques since at least 2018 has spread its tentacles to strike victims located in France and  Germany  for the first time. Dubbed  Roaming Mantis , the latest spate of activities observed in 2021 involve sending fake shipping-related texts containing a URL to a landing page from where Android users are infected with a banking trojan known as Wroba whereas iPhone users are redirected to a phishing page that masquerades as the official Apple website. The top affected countries, based on telemetry data gathered by Kaspersky between July 2021 and January 2022, are France, Japan, India, China, Germany, and Korea. Also tracked under the names  MoqHao  and XLoader (not to be confused with the info-stealer malware of the same name  targeting Windows and macOS ), the group's activity has continued to expand geographically even as the operators broadened their attack methods to m
Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free

Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free

Sep 09, 2024SaaS Security / Risk Management
Designed to be more than a one-time assessment— Wing Security's SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture—and it's free! Introducing SaaS Pulse: Free Continuous SaaS Risk Management  Just like waiting for a medical issue to become critical before seeing a doctor, organizations can't afford to overlook the constantly evolving risks in their SaaS ecosystems. New SaaS apps, shifting permissions, and emerging threats mean risks are always in motion. SaaS Pulse makes it easy to treat SaaS risk management as an ongoing practice, not just an occasional check-up. Security teams instantly get a real-time security "health" score, prioritized risks, contextualized threat insights, and the organization's app inventory—without setups or integrations. SaaS is a Moving Target SaaS stacks don't stand still. Business critical apps can easily slip into a state of vulnerability (i.e. supply chain attacks, account takeovers
DNS-Hijacking Malware Targeting iOS, Android and Desktop Users Worldwide

DNS-Hijacking Malware Targeting iOS, Android and Desktop Users Worldwide

May 21, 2018
Widespread routers' DNS hijacking malware that recently found targeting Android devices has now been upgraded its capabilities to target iOS devices as well as desktop users. Dubbed Roaming Mantis , the malware was initially found hijacking Internet routers last month to distribute Android banking malware designed to steal users' login credentials and the secret code for two-factor authentication. According to security researchers at Kaspersky Lab s, the criminal group behind the Roaming Mantis campaign has broadened their targets by adding phishing attacks for iOS devices, and cryptocurrency mining script for PC users. Moreover, while the initial attacks were designed to target users from South East Asia–including South Korea, China Bangladesh, and Japan–the new campaign now support 27 languages to expand its operations to infect people across Europe and the Middle East. How the Roaming Mantis Malware Works Similar to the previous version, the new Roaming Mantis
cyber security

Secure Your Network: 40% Face Full Takeover Risk

websitePicus SecurityEndpoint Security / Attack Surface
Understand and address the critical risks in your network to prevent takeovers.
Expert Insights / Articles Videos
Cybersecurity Resources