The virus dubbed ‘Roaming Mantis’ would hijack a device and incorrectly translate a URL into an IP address. This process is standard in computing as IP addresses are how computers direct you at a website. However, instead of sending you to the intended page, the virus takes you to a malicious one, yet the URL would look legitimate.
Kaspersky Labs provided a full analysis of the ways the virus affects devices. The malware spreads by infecting devices through compromised Wi-Fi routers and then turns them into rouge DNS servers.
On Android devices the virus leads to the download of a malicious app named something like chrome.apk.
Kapersky reports, “The malware requests a bunch of permissions during the installation process, including rights to access account information, send and receive SMS messages, process voice calls, record audio, access files, display its own window on top of others, and so on.”
Once downloaded, a legitimate-looking webpage opens where the user is prompted to input their username and password, once imputed the attacker will have full access to an account. Moreover, the permissions from the originally downloaded malicious app allow the hackers to bypass two-factor authentication.
On iOS, the virus runs in a slightly different way; instead of having the user download an apk file, the attack displays a page where users are prompted to place their Apple ID and password, from then users are asked for their full credit card details. The website looks legitimate and the URL shows security[dot]apple[dot]com.
Through infected Wi-Fi routers, Roaming Mantis can attack computers and run a CoinHive cryptomining script that uses 100% of your computers CPU ability, thus, greatly slowing down processing speed. All currency mined goes directly into the attacker’s digital wallet, leaving you a large energy bill and no cryptocurrencies.
Since its inception in Southeast Asia, Roaming Mantis has been adapted into more than 24 different languages.
To prevent similar attacks from taking your organization hostage, make sure to reach out and see we can solve your cybersecurity needs.
Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions or want to learn more about how Symantec can improve your organization’s security, our services or just want to chat security please give us a shout. If you’re looking to guest blog, please send an email here.