New Kaspersky research indicates that the increasingly prominent Roaming Mantis group is testing a new monetization technique: redirecting iOS users to Coinhive in-browser mining pages. Earlier activity of this hacking group consisted of compromising vulnerable routers and changing their DNS configuration.
With a router's DNS settings hijacked, every device behind it resolves names through attacker-controlled servers, so the attackers could redirect its traffic to malicious Android applications masquerading as Facebook or Chrome or, in the case of Apple devices, to phishing pages deployed to harvest Apple ID credentials.
The Roaming Mantis Group's New Hacking Approaches
In its newest campaigns, the group appears to redirect iOS users to pages that load the Coinhive in-browser mining script instead of sending them to the usual Apple phishing page. Once redirected, users see a blank page while the device's CPU usage climbs to 90% or higher, the mining script consuming the processor in the background.
"During our research, it became clear that Roaming Mantis has been rather active and has evolved quickly," Kaspersky researchers said. Malware produced by the Roaming Mantis group now reportedly supports 27 languages, covering multiple countries in Asia, Europe and the Middle East. The latest additions to its malicious activity are web crypto-mining on PCs and Apple phishing pages for iOS devices.
"We have confirmed several new activities and changes to their illegal profit-gaining methods, such as web crypto mining for iOS devices, spreading via a malicious content delivery system and so on," Kaspersky added.
The group previously targeted iOS devices through an Apple phishing page designed to harvest credentials. However, the HTML source code of the malicious landing page now appears to have been changed.
"Apparently, the hackers disabled redirection to the fake Apple portal (with a phishing page) and added code with a web mining script (previously used only for computers) to run mining on iOS devices," the researchers explained.
Interestingly, the day after Kaspersky confirmed its findings, the hackers switched back to Apple phishing. "We believe that the criminals, at that time, were testing the possible revenue from web mining on iOS devices, looking for an efficient way to monetize their activities," Kaspersky concluded.
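A check a responder might run on a landing page captured from a hijacked router's redirect, covering both the Coinhive mining variant described above and the earlier Apple credential-phishing variant. This is an added example, not Kaspersky's code and not anything recovered from the campaign: it parses the page's HTML, flags the Coinhive loader and constructor calls, reports whether the page renders as blank (the symptom victims saw), and distinguishes the mining variant from a phishing page that carries a password field. The indicator strings (coinhive.com, authedmine.com, CoinHive.Anonymous/User/Token, coinhive.min.js) are assumptions drawn from the public Coinhive loader API, and the three sample pages are constructed for illustration.

```python
"""Flag Coinhive-style in-browser miners in a captured landing page.

Added example; not Kaspersky's or the Roaming Mantis campaign's code.
Indicators (coinhive.com, authedmine.com, CoinHive.Anonymous/User/Token)
are assumptions taken from the public Coinhive loader API, and the sample
pages below are constructed for illustration.
"""
import re
from html.parser import HTMLParser

# Assumed indicators: hosts that served the Coinhive loader, and the
# constructors the loader exposed for starting a miner inside the page.
MINER_SCRIPT_HOSTS = ("coinhive.com", "authedmine.com")
MINER_JS_PATTERNS = (
    re.compile(r"CoinHive\.(Anonymous|User|Token)\s*\(", re.I),
    re.compile(r"coinhive\.min\.js", re.I),  # loader injected dynamically
)


class PageCollector(HTMLParser):
    """Collect external script URLs, inline script bodies, visible text
    and password inputs from one HTML document."""

    def __init__(self):
        super().__init__()
        self.external_scripts = []
        self.inline_scripts = []
        self.visible_text = []
        self.password_inputs = 0
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._in_script = True
            if a.get("src"):
                self.external_scripts.append(a["src"])
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_inputs += 1

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline_scripts.append(data)
        elif data.strip():
            self.visible_text.append(data.strip())


def _host_of(url):
    """Hostname of an absolute or protocol-relative script URL, lowercased."""
    return re.sub(r"^(https?:)?//", "", url).split("/")[0].lower()


def find_miner_indicators(html):
    """Return the miner indicators found in the page; an empty list is clean."""
    page = PageCollector()
    page.feed(html)
    hits = []
    for src in page.external_scripts:
        host = _host_of(src)
        if any(host == h or host.endswith("." + h) for h in MINER_SCRIPT_HOSTS):
            hits.append("external script from " + host)
    for body in page.inline_scripts:
        for pattern in MINER_JS_PATTERNS:
            match = pattern.search(body)
            if match:
                hits.append("inline: " + match.group(0))
    return hits


def has_visible_content(html):
    """False for the blank page a mining victim sees while the CPU spins."""
    page = PageCollector()
    page.feed(html)
    return bool(page.visible_text)


def classify_landing_page(html):
    """Label a captured page: 'mining', 'phishing' or 'unknown'."""
    if find_miner_indicators(html):
        return "mining"
    page = PageCollector()
    page.feed(html)
    if page.password_inputs:
        return "phishing"
    return "unknown"


# Constructed samples standing in for captured landing pages.
MINING_PAGE = """<html><head>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE-KEY-PLACEHOLDER', {throttle: 0});
  miner.start();
</script></head><body></body></html>"""

PHISHING_PAGE = """<html><body><h1>Sign in with your Apple ID</h1>
<form method="post" action="/verify">
<input name="appleid" type="email"><input name="password" type="password">
<input type="submit" value="Sign in"></form></body></html>"""

BENIGN_PAGE = """<html><body><p>Welcome</p>
<script src="//cdn.example.com/app.js"></script></body></html>"""

if __name__ == "__main__":
    for name, page in [("mining", MINING_PAGE), ("phishing", PHISHING_PAGE),
                       ("benign", BENIGN_PAGE)]:
        print(name, classify_landing_page(page), find_miner_indicators(page),
              "blank" if not has_visible_content(page) else "has content")
```

The host match is done on the parsed hostname rather than with a substring search so that a lookalike such as coinhive.com.evil.example does not pass, and the password-field check stands in for the Apple ID harvesting form; a real triage script would also record the DNS server the victim's router handed out, since that is where this campaign's redirect begins.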