Advanced Malicious Campaigns Moving From East to West: Data Security Analysis on Safer Internet Day

Kaspersky Illustrates contemporary information security threats and a brief overview of Internet Security on Safer Internet Day by Nikhil Arora, MD, GoDaddy India.

Sharing is caring!

The whole social ecosystem is connected and information is getting accessed from all dimensions. It is very important for all of us to keep an eye on the data security aspects of our digital exposure.

On Safer Internet Day

Nikhil Arora, GoDaddy
Nikhil Arora,

Mr. Nikhil Arora, Vice President, and Managing Director, GoDaddy India commented, “The global pandemic necessitated many SMEs to take their businesses online, thereby requiring them to also pay attention to security for their business websites, helping to protect them from vulnerabilities and threats. This makes it critical for SMEs to choose their hosting partners carefully for those that can provide a more secure online experience, including for example: security tools, system updates, password protection and monitors their websites continuously. We at GoDaddy, offers both 24/7 monitoring and quick response time, along with solutions, which includes anti-virus, anti–spam and firewall protections for optimum safety. Moreover, our services include comprehensive protection through Website Security, SSL Certificates, Back-up & Restore, Firewall, and CDN as a bundled security solution package for budding businesses. These prominent security solutions help build greater customer trust as it demonstrates the website and business legitimacy. GoDaddy continues to support Indian small businesses and entrepreneurs with an integrated suite of online tools and solutions with security protections, that are easy to use and affordable.”  

Internet Security Commentary from  Kaspersky

Kaspersky discovered that a malicious campaign dubbed Roaming Mantis, previously targeting mostly Asian regions, is expanding its infections via actively smishing (attacking through phishing mobile text messages and redirecting users to malicious content) new targets in Germany and France. The actor behind the campaign spreads mobile malware and phishing pages to collect targets’ private information and steal their money. The infected device then sends SMiShing messages to the next set of targets, like those that are in the user’s list of contacts for example.

In April 2018, Kaspersky researchers first discovered the Roaming Mantis. At the time, these cybercriminals only infected Android smartphones and targeted mostly Asian regions (South Korea, Bangladesh, and Japan). The campaign has evolved significantly in a short period of time. Since 2018, they have used various attack methods such as phishingminingsmishingand DNS-hijacking. The group has now expanded its geography, adding European countries to its main target regions.

The most affected countries are France, Japan, India, Germany, and Korea

Typically, the smishing messages contain a very short description and a URL to a landing page. If a user clicks on the link and opens the landing page, there are two scenarios in the Roaming Mantis campaign. In the first scenario, if it’s an iOS user, they are redirected to a phishing page imitating the official Apple website and are prompted to input the credentials. In the second scenario, the Android device gets infected by malware after clicking on the link in the smishing message. Then the actor starts sending SMiShing messages to new targets via the infected device, both from the user’s list of contacts and generated phone numbers. SMS texts, as a more personal communication channel, also naturally lower a person’s defenses against threats, as users usually do not expect to receive a malicious message from the people they know. This campaign against both iOS and Android users in France and Germany was so active that the police and local media published SMiShing alerts.

SMiShing alerts on German and French websites

The actor sets up a feature so that it always checks the region of the infected Android device in order to display a phishing page in the corresponding language. In previous versions it was only used to check for three regions: Hong Kong, Taiwan, and Japan. Kaspersky experts observed an update in the latest version of the payload part, and now Germany and France have been added as new regions. Using the native language of targets allows the actor to manipulate a user’s decision-making and eventually convinces them to share their personal information and bank details.

Compared to earlier versions, there is also a new modification in the backdoor commands. The developer added backdoor commands to steal photos from infected devices, but information on how exactly the actor uses stolen pictures has not yet been found. However, cybercriminals often use personal photos to get money through blackmail or sextortion.

“Roaming Mantis has actively evolved over the past five years, coming up with new ways to attack, as well as expanding the territory of targeted countries. We predict these attacks will continue in 2022 because of the strong financial motivation, especially with the advent of new backdoor features that allow the actor to use victims’ photos. To keep users around the world safe, we are constantly researching and reporting on the latest Roaming Mantis activity,” comments Suguru Ishimaru, senior security researcher at Kaspersky’s Global Research and Analysis Team (GReAT).

SMEStreet Edit Desk

SMEStreet Edit Desk is a small group of excited and motivated journalists and editors who are committed to building MSME ecosystem through valuable information and knowledge spread.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button
%d bloggers like this: