According to Kaspersky, a notorious mobile malware that has been hitting Asia for several years has now reached the United States, where it targets both iOS and Android devices.
Wroba, aka Roaming Mantis, was first discovered attacking South Korean phones by Malwarebytes researchers in 2013 and has since spread to other parts of Asia and into Europe.
Essentially a banking Trojan, it infects Android phones and attempts to steal files, passwords, contact lists, and messages, open web pages, make phone calls, and send SMS text messages. However, it is now also attacking iPhones.
In the current campaign, which Kaspersky researchers noticed in the U.S. last week, infected devices send "smishing" (SMS phishing) texts to users' contacts.
The message informs the next generation of potential victims that "your parcel has been shipped" and that they need to click on an embedded link to find out where to pick up the parcel. This is a tried and true phishing technique that has been used recently in other campaigns.
For Android phones, the link takes you to a page that prompts you to "update" your Chrome browser; the update is actually malware. For iPhones, no malware is delivered, but you are presented with what looks like an Apple login page, where you are prompted to enter your Apple username and password. Please don't do this.
"Wroba is ... sitting quietly in the background and can arbitrarily deliver credential harvesting pages to your browser," Lookout researcher Hank Schless told Threatpost. As long as it goes unnoticed, "even the most private accounts can attempt to get your login data."
The bad guys behind this are believed to be a Chinese criminal organization. The malware has used a number of techniques to attack mobile devices, including DNS hijacking to redirect web links, hacking home Wi-Fi routers, using fake postal service apps, and even installing cryptocurrency mining software.
The first rule to avoid becoming a victim is to ignore random SMS messages from unknown senders.
If the message appears to be meant for someone else but tells you that a very valuable device, say a brand-new iPhone, is waiting to be picked up, don't let the desire to get it for free override your common sense.
Second, don't log into websites that pop up when you least expect them. There is no reason for an Apple login page to pop up when you are trying to find where to pick up a package.
Third, don't download apps from dubious sources; for Android, stick to the official Google Play store and disable installation of software from "unknown sources."
For iOS, you are limited to the App Store unless you jailbreak your phone, and in that case you should stick to Cydia.
Finally, Android users should install and use one of the best Android antivirus apps. Some of them are free and most will protect your phone better than the built-in Google Play Protect.
If you use an iPhone, you will see apps from well-known antivirus companies touting their security solutions, but Apple does not put antivirus apps in the App Store.