The threat actor Roaming Mantis has been detected since February, targeting victims across Europe and the Far East.
Their attacks are based around phishing text messages, Android users are directed to download a malicious app, whilst Apple users (as the Apple “walled garden” Apps store does an effective job of rejecting malicious apps) get directed to a web page in an attempt to steal their Apple credentials.
Roaming Mantis hits Android and iOS users in malware, phishing attacks (bleepingcomputer.com)
More fake apps
Fake and malicious apps are a real problem for Android users (although Google through it’s app store is trying to mitigate the issue) and a sometime problem for iOS users, when the Apple App Store “genius’s” fail to spot a malicious app.
How big a problem? Here are just some of the malicious/fake app articles from this week.
FBI warns of malicious cryptocurrency apps stealing millions • The Register
Google pulls malware-infected apps, 3 million users at risk • The Register
Malicious Android apps with 300K installs found on Google Play (bleepingcomputer.com)
Russian hackers use fake DDoS app to infect pro-Ukrainian activists (bleepingcomputer.com)
- Does your organisation have a policy in place to say what apps your people can have on their company or BYOD devices?
- Do you even have a software/app policy?
- Do you monitor and enforce those policies?
- Do you need flexible training for your team in how to recognise and respond to phishing and social engineering attacks?
If you need training have a look at this – it is ideal if you want to track that your team is completing the course, but want them to be able to do it at their pace:
Cyber Awake | Train Your Team To Protect Against Cyber Attacks
Clive Catton MSc (Cyber Security) – by-line and other articles
