Roaming Mantis is a new malware that is designed by hackers in attempt to steal information including banking details specifically from users who have Android devices. While the cyber-attack is more popular in Asia, there is also an English version that is starting to appear in America.
How Does It Work?
According to research from experts at Kaspersky Lab, the malware preys on vulnerable wireless routers by changing the way they direct/connect users to websites. For example, when users try to access a legitimate website through a compromised router, they are redirected instead to a website that appears similar prompting them to update their version of Google Chrome. However, instead of installing a newer version of Chrome, the Roaming Mantis malware is installed onto the user’s Android device.
The Roaming Mantis malware will then ask for numerous authorization permissions as it is being installed on the user’s Android device. Permissions may include the ability to appear on top of other applications, access to user’s contact list, authorization to make phone calls and send/receive SMS messages, record audio, and collect account information.
What Happens Next?
Once the user gives authorization access by pressing the enter/ok button, the device will display a fake version of a Google website hosted on a temporary web server. The fake page will prompt the user for their Gmail ID, as well as his or her full name and date of birth. With access to one’s Gmail ID, full name, and date of birth, fraudsters have enough information to start compromising banking information.
While most financial institutions, including SCCU, secure their online banking portals with layered security or Multi-Factor Authentication, the Roaming Mantis malware is capable of collecting the information needed via SMS messages to bypass the Multi-Factor Authentication process.
How to Protect Your Android Devices
We advise our members to never install applications or updates outside of the Google Play store, and to never give authorization permissions to unsecure applications or any other applications that they are unsure about.
Also, pay close attention to the items/apps for which an update is requesting authorization permissions. Chances are if the application is asking for permission to an item that raises an eyebrow, then it should not be installed.
Last but not least, we advise members to apply extreme caution when connecting to public, unsecured Wi-Fi networks.