The spread of the Roaming Mantis malware

Openmind’s team of Messaging Security Analysts is continuing to observe the spread of the Roaming Mantis malware, which uses fraudulent text messages to infect Android devices and to lure iPhone users into revealing Apple ID credentials. In particular, French mobile subscribers are being hit by hundreds of thousands of messages originating from infected devices across European networks. These messages are being routed into France via both direct routes and hubs – on one route alone we detected 269,000 messages sent in the last 7 days.

 

The attacks on French subscribers are highly coordinated. The criminals behind the malware control infected devices across the world as a botnet, and regularly change the contents of the messages and the URLs used to spread the malware.

 

The most common form of text message seen recently is: 

 

Votre colis a été envoyé. Veuillez le vérifier et le recevoir. http://prpnz.euryr.com

 

While France is currently the primary target of these attacks, other French-speaking countries in North Africa and elsewhere are also receiving large volumes of fraudulent messages. Other countries in Europe and Asia were previously the main targets, and Openmind is monitoring the situation closely to follow any change in the destination of the attack.

 

The malware itself is a trojan, and can be instructed by the criminals to execute 21 different malicious commands that send text messages, monitor data communications and access photos or other data stored on the device. The ability of the malware to obtain photos and videos from an infected device and upload them to a central server creates new ‘monetization’ opportunities for the criminals in the form of identity theft, extortion and blackmail.

 

Although the overall volume of messages targeting French subscribers is high, the number sent by each individual infected handset is relatively low – typically fewer than 1,000 per week. This stealthy approach is designed to avoid detection by legacy SMS firewalls that depend on simple thresholds to recognize fraud.
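The gap described above can be shown with a small detection sketch. This is an added example, not Openmind's code: it compares a per-sender volume threshold with a check that groups messages by normalised template across senders. The function names, thresholds, phone numbers and `.example` hosts are constructed assumptions; only the lure text comes from this page.

```python
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def template(text):
    """Normalise a body so rotating URLs and numbers collapse to one key."""
    t = URL_RE.sub("<URL>", text.lower())
    t = re.sub(r"\d+", "<N>", t)
    return re.sub(r"\s+", " ", t).strip()

def per_sender_alerts(records, threshold):
    """Legacy check: flag a sender whose own weekly count reaches the threshold."""
    counts = defaultdict(int)
    for sender, _ in records:
        counts[sender] += 1
    return {s for s, n in counts.items() if n >= threshold}

def campaign_alerts(records, min_senders, min_total):
    """Cross-sender check: URL-bearing templates sent by many distinct senders."""
    senders, totals = defaultdict(set), defaultdict(int)
    for sender, text in records:
        key = template(text)
        if "<URL>" not in key:
            continue  # only link-carrying messages are clustered here
        senders[key].add(sender)
        totals[key] += 1
    return {k: (len(senders[k]), totals[k]) for k in totals
            if len(senders[k]) >= min_senders and totals[k] >= min_total}

def sample_traffic():
    """Constructed one-week sample: 40 senders x 25 lures, plus benign traffic."""
    lure = "Votre colis a été envoyé. Veuillez le vérifier et le recevoir. http://{}.example"
    records = [(f"+000000{s:04d}", lure.format(f"h{(s + i) % 7}"))
               for s in range(40) for i in range(25)]
    records += [("+0000009001", "On se voit à 18h ?")] * 30
    records += [("+0000009002", f"Votre code est {1000 + i}") for i in range(60)]
    return records

if __name__ == "__main__":
    week = sample_traffic()
    print("per-sender >= 1000:", per_sender_alerts(week, 1000))
    print("per-sender >= 50:  ", per_sender_alerts(week, 50))
    print("campaigns:         ", campaign_alerts(week, 20, 500))
```

On the constructed sample, lowering the per-sender threshold to 50 flags only the benign one-time-code sender, while the template grouping surfaces the lure sent by 40 handsets even though its URL host rotates.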

 

Contact Openmind today to learn how our Machine Learning algorithms can defeat the spread of malware such as Roaming Mantis. Your country may be the next target of these attacks and now is the time to build up your defenses.
