Between 20th – 25th Apr, Antuit Cyber Intelligence Research Team (“ACIRT”) warned about an Android Banking Trojan dubbed as Roaming Mantis Malware which posed a threat of DNS Hijacking.
ACIRT has now gathered intel which suggests that this malware has evolved over time, both in scope and attack surface.
Over the last 24 hours, we have observed additional Indicators of Attack suggesting that the malware is in the wild and spreading globally. Involvement of Chinese threat actor – GEKLOFDOG is suspected.
Analysis of captured threat actor footprints and correlation with external threat vectors indicate that this is a possible threat, and your organization is advised to take precautionary measures as highlighted in this report.
Please download the report from the from below: