A notorious piece of mobile malware that has ravaged Asia for several years is now setting its sights on the United States, targeting both iOS and Android devices according to Kaspersky.
Wroba, aka Roaming Mantis, was first found by Malwarebytes researchers (opens in new tab) in 2013 attacking South Korean phones, and it's since moved on to the rest of Asia and made inroads in Europe.
- Facebook Messenger, Instagram have huge security risk: What to do
- Best Android antivirus apps to keep your phone shiny
- Latest: Google Pixel 5 has a killer hidden feature iPhone 12 can't match
At base, it's a banking Trojan that infects Android phones and tries to steal files, passwords, contact lists and messages, open web pages, make calls and send SMS text messages. But it's now attacking iPhones too.
In the current campaign, noticed in the U.S. by Kaspersky researchers last week, infected devices send "smishing" — SMS phishing — texts to the users' contacts.
The messages notify the next generation of potential victims that "your parcel has been sent out" and that they need to click on the embedded link to learn where to pick up said parcels. It's a tried-and-true phishing technique that we've recently seen used in other campaigns.
If you're on an Android phone, the link takes you to a page where you're invited to "update" your Chrome browser — and the update is actually the malware. If you're on an iPhone, you don't get malware, but you're taken to what looks like an Apple login page, where you're supposed to enter your Apple username and password. Don't.
"Wroba ... can sit silently in the background and deliver credential harvesting pages to your browser at will," Lookout researcher Hank Schless told Threatpost. "As long as it goes unnoticed, it can attempt to grab your login data for even your most private accounts."
The baddies behind this are believed to be a Chinese criminal gang. Over the year, the malware has used many techniques to attack mobile devices, including redirecting weblinks through DNS hijacking (opens in new tab), hacking home Wi-Fi routers (opens in new tab), using fake postal-service apps (opens in new tab) and even installing cryptocurrency-mining software (opens in new tab).
How to avoid this malware campaign
To avoid becoming a victim, the first rule is to ignore SMS messages that come from random senders you don't know.
If the message seems to be meant for someone else but tells you a very valuable device — say, a brand-new iPhone — is waiting for you to come pick it up, don't let your desire for free goodies overwhelm your common sense.
Second, don't log into websites that pop up when you least expect them. There's no reason the Apple login page should appear when you're just trying to find out where to pick up a package.
Third, don't download apps from dodgy sources. If you're on Android, stick to the official Google Play Store and disable installation of software from "unknown sources." If you're on iOS, you're limited to the App Store unless you jailbreak your phone, in which case you should stick to Cydia.
If you're on an iPhone, you'll see apps from well-known antivirus companies that purport to be security solutions, but read the fine print: Apple doesn't let antivirus apps into the App Store.