2/12/2024

Modern combat versus minu mantis

Kaspersky has continued to track the Roaming Mantis campaign. The group's attack methods have improved, and new targets are continuously added in order to steal more funds. The attackers' focus has also shifted to techniques that avoid tracking and research: an allowlist for distribution, analysis environment detection and so on. We've also observed new malware families: Fakecop (also known as SpyAgent by McAfee) and Wroba.j (also known as Funkybot by Fortinet).

Distribution of Wroba.g via SMiShing with impersonated brands

In 2018, the group added a distribution method for Wroba.g (aliases: Moqhao and XLoader), in addition to the original method of DNS hijacking. It was SMiShing using a spoofed delivery notice from a logistics company.

In 2019, we confirmed another new method where a downloaded malicious APK file has an icon that impersonates a major courier company brand. The spoofed brand icon is customized for the country it targets, for example, Sagawa Express for Japan; Yamato Transport and FedEx for Taiwan; CJ Logistics for South Korea; and Econt Express for Russia.

Redirecting to a phishing site via malicious account on

The targeted packages for online banks and mobile carriers correspond to the relevant accounts on that lead to phishing sites:

Pkgs or mobile carrier

As can be seen in the table above, all the accounts have corresponding phishing sites as of December 2019 (data provided by on Twitter). These destination URLs are continuously changed by the attackers. In January 2020, only three of these accounts were enabled for some reason. However, as it's easy for the criminals to modify the phishing page address, apps without corresponding phishing sites are also likely to be attacked again in the near future.