Roaming Mantis part III: iOS crypto-mining and spreading via malicious content delivery system
In Q2 2018, Kaspersky Lab published two blog posts about Roaming Mantis, sharing details of this new cybercriminal campaign. In the beginning, the criminals used DNS hijacking in vulnerable routers to spread malicious Android applications of Roaming Mantis (aka MoqHao and XLoader), spoofing legitimate applications such as Facebook and Chrome. During our research, it became clear that Roaming Mantis has been rather active and has evolved quickly. The group's malware now supports 27 languages, covering multiple countries across Asia and beyond, in Europe and the Middle East. In addition, they have started using web crypto-mining for PC, and an Apple phishing page for iOS devices.

You can check previous chapters of this research here:

Roaming Mantis uses DNS hijacking to infect Android smartphones (April 2018)

Roaming Mantis dabbles in mining and phishing multilingually (May 2018)

In addition, we would like to thank and credit security researchers from LAC Co. Ltd. for a very insightful article