SecurityAffairs has recently uncovered a new malicious virus called Roaming Mantis that is using the Wroba malware family to spread. The virus has been seen targeting Android devices in certain regions with malicious code that can access and change system settings and steal passwords. Security researchers believe Roaming Mantis originated in Asia as this is where it has been found on most occasions, with Japanese users being the most affected at this time. As the virus propagates via incorrect users visiting websites redirecting to malicious addresses, it is critical that users avoid clicking on suspicious and unfamiliar links.
Roaming Mantis is a type of ransomware, which is a form of malware that restricts access to files and data on a system until a ransom is paid. Once the user is infected, their device is locked down and all the data on it is encrypted so it cannot be accessed. To pay the ransom, the victim usually needs to send Bitcoin or other forms of cryptocurrency to the cybercriminal responsible for the malware. To make matters worse, the victim might be asked to pay multiple times and continually be extorted until the ransom is paid.
Once in a device, Roaming Mantis can access and change system settings, as well as access passwords and other confidential information. It can also potentially steal mobile money and cryptocurrency from the user’s wallet. To avoid infection with Roaming Mantis, users should only download software from reputable sources and avoid visiting unfamiliar websites. It is also important to install security solutions on the device to provide ongoing protection.
SecurityAffairs has been tracking Roaming Mantis for the past few months and, as the virus continues to become more sophisticated and dangerous, it is vital that users remain vigilant and take the necessary steps to protect their devices from this evolving malware.
This Cyber News was published on securityaffairs.com. Publication date: Mon, 23 Jan 2023 08:46:03 +0000