A Multilingual Android Malware Evolves, Targeting Users in Europe and the Middle East
A new wave of Android malware that initially targeted victims in Asia through DNS hijacking has now evolved into a more sophisticated threat, expanding its reach to Europe and the Middle East. According to recent research by Kaspersky Lab, Roaming Mantis, the malware distributed through DNS hijacking, has become multilingual and added new features to evade detection.
Expanding Attack Surface
Originally discovered earlier this year, Roaming Mantis has grown in scope and complexity. The malware now supports 27 languages, including European and Middle Eastern languages, making it more difficult to detect and mitigate. Researchers believe that a financially motivated cybercriminal group, possibly Korean- or Chinese-speaking, is behind the operation.
Security researcher Suguru Ishimaru noted in a recent blog post that the attackers have expanded their target languages significantly and continue to add comments in Simplified Chinese. The latest malicious APK now supports 27 languages, indicating a concerted effort to infect more devices globally.
New Features and Capabilities
In addition to targeting Android devices, Roaming Mantis has now set its sights on iOS devices as well. Using compromised routers to bypass traditional security measures, it redirects iOS users to a phishing site, a fake Apple website, that steals user credentials.
Furthermore, the malware has added a PC crypto-mining capability, allowing cybercriminals to mine cryptocurrency using a popular script such as Coinhive. This feature enables attackers to exploit the processing power of infected devices for financial gain.
Protecting Against Roaming Mantis
To protect against Roaming Mantis and similar threats, users are advised to update their devices regularly, avoid connecting to unsecured networks, and be cautious when clicking on suspicious links or downloading unknown apps. Additionally, using reputable security software can help detect and remove malware from infected devices.
As cybercriminals continue to evolve their tactics and target new regions, staying vigilant and implementing robust security measures is essential to safeguarding personal information and devices from malicious actors.