Connect with us

Hi, what are you looking for?

HEADLINES

Kaspersky unmasks active malicious campaigns targeting Android and iOS users in APAC

Global cybersecurity company shares how to secure smartphones from “Anubis” mobile Trojan and the infamous “Roaming Mantis” campaign.

With the continued uptick in the adoption of mobile banking in Asia Pacific (APAC), global cybersecurity company Kaspersky warns of more attacks against Android and iOS devices. Particularly, active monitoring shows the notorious Anubis Trojan now delivers a combination of mobile banking Trojan with ransomware functionalities to its target smartphones.

Mobile banking Trojans are one of the most dangerous species in the malware world. This type of threat steals money from mobile users’ bank accounts usually by disguising the Trojans as legitimate apps to lure people into installing the malware.

Kaspersky’s elite researcher – Suguru Ishimaru – zeroed in on the mobile threat landscape in APAC to answer: what if there are no smartphones? Sharing the reality that users cannot live without a mobile device, he unmasked the latest malware targeting iOS and Android users in APAC during the company’s 8th Cyber Security Weekend in Phuket, Thailand.

Suguru Ishimaru, Senior Malware Researcher for Global Research and Analysis Team (GReAT) at Kaspersky 

Anubis is a mobile banking Trojan targeting Android users as early as 2017. Its worldwide campaigns targeted users from Russia, Turkey, India, China, Colombia, France, Germany, the US, Denmark, and Vietnam.

Advertisement. Scroll to continue reading.

This malware family continues to be one of the most common mobile bankers, according to Kaspersky’s latest mobile statistics in the second quarter of 2022. In this period, one in 10 (10.48%) of unique Kaspersky users globally who encountered a banking threat have encountered Anubis mobile banking Trojan.

Initial infections are done through multiple ways – legitimate-looking and high-ranking but malicious apps available on Google Play, smishing (phishing messages sent through SMS), and Bian malware, another mobile banking Trojan.

Once in, this infamous mobile banker can do a complete device takeover. It can steal personal information and identity, access private messages and login credentials, record sound, request GPS, disable play protection, lock the device’s screen, and more.

“Anubis is known for compromising hundreds of bank customers per campaign, proving that it’s among the most active malware targeting Android users right now. Our recent findings show that the cybercriminals behind this threat have started implementing ransom functionalities. If this modification proves to be successful, chances are other malicious groups will copy the same technique of stealing data and holding devices hostage. As a result, I expect to see more of such attacks in APAC due to cybercriminals’ strong financial motivation,” says Ishimaru, Senior Malware Researcher for Global Research and Analysis Team (GReAT) at Kaspersky.

The threat against Android and iOS users: Roaming Mantis

Another prolific threat actor targeting mobile banking users, globally and in the APAC region, is Roaming Mantis. The group carries out malicious campaigns that target Android devices and spreads mobile malware initially via DNS hijacking and currently through smishing.

Advertisement. Scroll to continue reading.

Kaspersky experts have been tracking its operations since 2018 and detected almost half a million attacks in APAC from 2021 to the first half of 2022. Most numbers of the malware were blocked from infecting Kaspersky users in Russia, Japan, South Korea, India, and China.

Ishimaru also underlined that while the cybercriminal group is known for targeting Android devices, Roaming Mantis’ recent campaign showed interest in iOS users.

Using the same techniques, the smishing messages targeting iOS users contain a very short description and a URL to a landing page. If a user clicks on the link and opens the landing page, there are two scenarios: iOS users are redirected to a phishing page imitating the official Apple website, while the Wroba malware is downloaded on Android devices.

If a victim inputs his credentials to the phishing website, it will then proceed to the 2FA (two-factor authentication) phishing website. This allows the attacker to know the user’s device, credentials, and 2FA codes.

“There is a notion that iOS is a more secure operating system. However, we must take two things into account – the increasing sophistication of mobile bankers’ social engineering techniques and malware arsenal and the possibility for human errors. Remember that both Anubis and Roaming Mantis require user’s participation before they can take over a device. With more than half (63%) of digital payments in APAC doing their financial transactions online through mobile devices, awareness is no longer enough. Protecting our smartphones is a step that everyone should be doing by now,” adds Ishimaru.

Kaspersky expert suggests two layers of protection for smartphones

Advertisement. Scroll to continue reading.
  • Basic security
    • Keep phones up-to-date and install the latest patches 
    • Reboot daily
    • Do NOT trust third-party apps and mobileconfig
    • NEVER click on links sent through SMS
    • Install a security solution like Kaspersky Total Security
  • Advanced protection
    • Use a VPN to mask your traffic
    • Check live network traffic using live Indicator of Compromise (IOCs)
    • Use Lockdown Mode for iOS 16 users

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well...

HEADLINES

Financial phishing attacks are rapidly increasing in the country as cybercriminals continuously evolve and adapt their tactics, making them sophisticated. The number of attacks...

HEADLINES

A Scale of Harm study by the International Justice Mission revealed that almost half a million Filipino children were trafficked to produce new child...

HEADLINES

Yondu launched an extensive, month-long cybersecurity awareness campaign focused on modern threat detection, incident response, and social engineering defense.

ELECTRONICS

Philips EasyKey partnered with Megaworld and equipped their world-class properties with only the best-in-class smart locks we have on offer, the Philips EasyKey 9300.

HEADLINES

The PLDT wireless unit is also calling on customers to report these messages to Smart’s HULISCAM portal for further action.

HEADLINES

Here are some tips from Sophos for staying secure online during the cybersecurity awareness month.

HEADLINES

While only 21% of hackers believed that AI technologies enhance the value of hacking in 2023, 71% reported it to have value in 2024....

Advertisement