Roaming Mantis expands and embeds iOS phishing and mining scripts

by Ugnius Kiguolis

Android malware has now evolved and uses 27 different languages


Roaming Mantis is a banking trojan also known as XLoader and MoqHao[1]. Previously, it affected only Android devices, including smartphones and tablets. According to the researchers, this malicious program was active only in Bangladesh, China, India, Korea, and Japan.

However, the latest news shows that Roaming Mantis has been translated into more than 27 other languages and updated with additional features[2]. Currently, this banking trojan targets people from Europe and the Middle East, and its supported languages include:

  • Bulgarian;
  • Czech;
  • English;
  • Hebrew;
  • Armenian;
  • Italian;
  • Georgian;
  • Malay;
  • Portuguese;
  • Serbo-Croatian;
  • Tagalog;
  • Ukrainian;
  • Traditional Chinese;
  • Arabic;
  • Bengali;
  • German;
  • Spanish;
  • Hindi;
  • Indonesian;
  • Japanese;
  • Korean;
  • Polish;
  • Russian;
  • Thai;
  • Turkish;
  • Vietnamese;
  • Simplified Chinese.

Suguru Ishimaru, a security researcher at Kaspersky Lab, thinks that the hackers used standard techniques to translate the text into different languages automatically and spread the infection globally[3]:

We believe the attacker made use of an easy method to potentially infect more users, by translating their initial set of languages with an automatic translator.

Criminals aim to infect iOS devices as well

While the Roaming Mantis virus was initially designed for Android only, the hackers have now switched tactics and also target iOS devices[4]. Experts claim that the purpose is to spread the infection globally, since the new iOS phishing attacks allow the crooks to obtain users' credentials.

According to the research, a bogus DNS service resolves the hxxp:// domain to the 172.247.116[.]155 IP address, which results in a redirect to a phishing website that looks exceptionally similar to the legitimate Apple site. Thus, people are tricked into providing sensitive data directly to the criminals.

The fake website is also translated into 25 different languages and is designed to collect Apple ID details, including credit card number, expiration date, CVV code, login and password. The only two languages missing are Georgian and Bengali.

Roaming Mantis is updated to perform crypto-mining activities

Experts have analyzed the code of Roaming Mantis and discovered that it is now able to exploit a computer's resources to mine cryptocurrency. This is because Coinhive's script has been embedded in the HTML source code[5]. This JavaScript miner has recently gained popularity among hackers and has become widely used across the world.

Once the user connects to the landing page from a computer, the computer's CPU power becomes accessible to the web miner. As a result, CPU usage might increase up to 100% and cause PC damage or significant deterioration of its performance. In the long run, some devices may even become unusable.
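A defender can check saved page source for the kind of Coinhive embed described above. The following is an added detection sketch, not code from the article or from the malware: it relies on the publicly documented Coinhive library file name and miner constructors, and the sample page and its site key are constructed placeholders.

```python
import re
from html.parser import HTMLParser

# Publicly documented Coinhive embed markers: the library file name and the
# miner constructors exposed by that script.
SRC_RE = re.compile(r"coinhive(\.min)?\.js|coinhive\.com/lib", re.I)
CTOR_RE = re.compile(r"new\s+CoinHive\.(Anonymous|User|Token)\s*\(\s*['\"]([^'\"]+)['\"]")

class MinerScan(HTMLParser):
    """Collects script sources and inline script bodies, then flags miner markers."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        self._buf = []
        src = dict(attrs).get("src") or ""  # src may be absent or valueless
        if SRC_RE.search(src):
            self.findings.append(("external-library", src))

    def handle_data(self, data):
        if self._in_script:  # inline script text can arrive in several chunks
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            for m in CTOR_RE.finditer("".join(self._buf)):
                # Record which constructor was used and the site key passed to it.
                self.findings.append(("miner-init:" + m.group(1), m.group(2)))

def scan_html(html):
    """Return a list of (finding-type, value) tuples for one HTML document."""
    parser = MinerScan()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page (not taken from the campaign); the site key is a placeholder.
SAMPLE = """<html><head><title>Security check</title>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous('EXAMPLE_SITE_KEY'); miner.start();</script>
</head><body><script src="/static/jquery.min.js"></script><p>Loading...</p></body></html>"""

if __name__ == "__main__":
    for kind, value in scan_html(SAMPLE):
        print(kind, value)
```

String markers like these miss renamed, proxied or obfuscated copies of the miner, so this check complements rather than replaces monitoring for sustained high CPU usage from browser processes.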


About the author

Ugnius Kiguolis is the founder and editor-in-chief of UGetFix. He is a professional security specialist and malware analyst who has been working in the IT industry for over 20 years.
