Wroba Mobile Banking Trojan Targets US Smartphones via SMS Messaging

Summary

After years of focusing on the Asia-Pacific region, the Roaming Mantis group is now targeting smartphone users in US for the first time with the Wroba mobile banking trojan, also known as FunkyBot, which can steal information, harvest financial data, and send SMS messages to self-propagate. The threat actors send victims fake shipping notifications via SMS messaging with a link that changes depending on the operating system on the device. For Android devices, users are directed to a malicious site and baited into downloading a “browser update” that installs the Wroba malware. Since the malware download is incompatible on iOS devices, these users are directed to a phishing website impersonating the Apple login page to harvest credentials. Cyber-criminals can target vulnerable users and mobile devices to gain access to sensitive information, install malware, and infiltrate networks and other systems.

Recommendations

The NJCCIC recommends users keep mobile device operating systems and applications up to date, install reputable apps, implement and configure security and privacy settings, disable the installation of applications from third-party sources, enable multi-factor authentication (MFA) where available, and exercise caution with suspicious communications, websites, and apps. For more information, please see the Threatpost article.