Roaming Mantis malware on the loose in Asia

More than 150 Asian attacks by Roaming Mantis, a new Android malware that steals user information, have been detected.

The malware, identified by researchers of cybersecurity firm Kaspersky Lab, gives attackers full control over the compromised Android device.

Between February and April 2018, researchers found the malware in more than 150 user networks, mainly in South Korea, Bangladesh and Japan, but there are likely many more victims.

Researchers believe that a cybercriminal group looking for financial gain is behind the operation.

“The story was recently reported in the Japanese media, but once we did a little more research, we found that the threat does not originate there,” said Vitaly Kamluk, director of global research analysis for Asia-Pacific. “In fact, we found a number of clues that the attacker behind this threat speaks either Chinese or Korean. Further, the majority of victims were not located in Japan either. Roaming Mantis seems to be focusing mainly on Korea, and Japan appears to have been a kind of collateral damage.”

While Kaspersky Lab’s detection data uncovered about 150 targets, further analysis revealed thousands of connections hitting the attackers’ command and control servers on a daily basis, pointing to a far larger scale of attack.