{"id":1084,"date":"2018-05-21T18:58:18","date_gmt":"2018-05-21T18:58:18","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/threatpost\/?p=132149"},"modified":"2018-05-21T18:58:18","modified_gmt":"2018-05-21T18:58:18","slug":"roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\/","title":{"rendered":"Roaming Mantis Swarms Globally, Spawning iOS Phishing, Cryptomining"},"content":{"rendered":"<div class=\"media_block\"><\/div>\n<div><img decoding=\"async\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2018\/05\/21145840\/Roaming-Mantis.jpg\" class=\"ff-og-image-inserted\"\/><\/div>\n<p>The Roaming Mantis mobile banking trojan is roaming further afield than it ever has before. Recent analysis shows that the malware has rapidly evolved just in the past month. It\u2019s now targeting Europe and the Middle East in addition to Asian countries. According to researchers, it\u2019s following the cyber-zeitgeist by expanding its capabilities to include cryptomining (and iOS phishing).<\/p>\n<p>Roaming Mantis is a mostly-mobile malware which this year has been spreading via DNS hijacking. Potential victims are typically redirected to a malicious webpage that distributes a trojanized application that pretends to be either Facebook or Chrome. Once installed manually by users, a trojan banker will execute.<\/p>\n<p>Its sights have become much wider, however.<\/p>\n<p>\u201cRoaming Mantis has evolved quickly,\u201d said Kaspersky Lab researcher Suguru Ishimaru, in an <a href=\"https:\/\/securelist.com\/roaming-mantis-dabbles-in-mining-and-phishing-multilingually\/85607\/\">analysis<\/a>\u00a0posted on Friday. \u201cThe actors behind it have been quite active in improving their tools. The rapid growth of the campaign implies that those behind it have a strong financial motivation and are probably well-funded.\u201d<\/p>\n<p><strong>Global Infections<\/strong><\/p>\n<p>On the multilingual front, Roaming Mantis (a.k.a. MoqHao or <a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing\/\">XLoader<\/a>) was seen this month to have significantly tweaked its landing pages and malicious APK files to support 27 languages \u2013 a serious expansion from the four languages it used in campaigns just a month ago.<\/p>\n<p>In campaigns observed in April, its activity was located mostly in Bangladesh, Japan and South Korea, according to Ishimaru. Kaspersky Lab has now confirmed that several more languages have been hardcoded in the HTML source of the landing page.<\/p>\n<p>These include; Arabic, Armenian, Bulgarian, Bengali, both traditional and simplified Chinese, Czech, English, Georgian, German, Hebrew, Hindi, Indonesian, Italian, Japanese, Korean, Malay, Polish, Portuguese, Russian, Serbo-Croatian, Spanish, Tagalog, Thai, Turkish, Ukrainian and Vietnamese.<\/p>\n<p>The expansion is succeeding in terms of garnering more victims: \u201cWe believe the attacker made use of an easy method to potentially infect more users, by translating their initial set of languages with an automatic translator,\u201d Ishimaru said. \u201cIt\u2019s clear from [our data] that South Korea, Bangladesh and Japan are no longer the worst affected countries; instead, Russia, Ukraine and India [bear] the brunt.\u201d<\/p>\n<p><strong>New Targets and Tactics<\/strong><\/p>\n<p>In addition to broadening its target range, an analysis of the\u00a0Roaming Mantis code reveals the criminals behind the malware have added a phishing option that targets iOS device users and a cryptomining option targeting PCs. This is a departure from the group\u2019s primary focus on the Android platform, researchers said.<\/p>\n<p>\u201cWhen a user connects to the landing page via iOS devices, the user is redirected to \u2018http:\/\/security.apple[dot]com\/\u2019,\u201d Ishimaru explained. \u201cA legitimate DNS server wouldn\u2019t be able to resolve a domain name like that, because it simply doesn\u2019t exist. However, a user connecting via a compromised router can access the landing page because the rogue DNS service resolves this domain to the IP address 172[.]247[.]116[.]155. The final page is a phishing page mimicking the Apple website with the very reassuring domain name \u2018security.apple[dot]com\u2019 in the address bar of the browser.\u201d<\/p>\n<p>The phishing site steals user IDs, passwords, card numbers, card expiration dates and CVVs. Here is where researchers said the HTML source of the phishing site supported 25 languages. Notably,\u00a0 the languages Bengali and Georgian are missing from the phishing site.<\/p>\n<p>Meanwhile, the perpetrators have added a new feature such as web mining via a the <a href=\"https:\/\/threatpost.com\/cryptojacking-attack-found-on-los-angeles-times-website\/130041\/\">CoinHive script<\/a> executed in the browser. \u201cWhen a user connects to the landing page from a PC, the CPU usage will drastically increase because of the cryptomining activity in the browser,\u201d Ishimaru said.<\/p>\n<p><strong>Better Evasion Techniques<\/strong><\/p>\n<p>\u201cThe evasion techniques used by Roaming Mantis have also become more sophisticated. Several examples of recent additions described in [the Kaspersky Lab post] include a new method of retrieving the C2 by using the email POP protocol, server-side dynamic auto-generation of changing APK file names, and the inclusion of an additional command to potentially assist in identifying research environments,\u201d researchers wrote.<\/p>\n<p>The dynamic auto-generation helps avoid blacklisting, they said.<\/p>\n<p>\u201cAside from the filename, we also observed that all the downloaded malicious APK files are unique due to package generation in real time as of May 16, 2018,\u201d explained Ishimaru. \u201cIt seems the actor added automatic generation of APK per download to avoid blacklisting by file hashes. This is a new feature.\u201d<\/p>\n<p>Meanwhile, older Roaming Mantis samples connected to the C2 by accessing a \u201clegitimate website, extracting a Chinese string from a specific part of the HTML code, and decoding it,\u201d said the researcher. In the most recent sample, instead of using HTML protocol, Roaming Mantis uses email protocol to retrieve the C2.<\/p>\n<p>\u201cThe malware connects to an email inbox using hardcoded outlook.com credentials via POP3,\u201d Ishimaru said. \u201cIt then obtains the email subject (in Chinese) and extracts the real C2 address using the string \u2018abcd\u2019 as an anchor.\u201d<\/p>\n<p>Also, the previous malicious APK from April \u201chad 18 backdoor commands to confirm victims\u2019 environments and to control devices.\u201d It\u2019s now added a feature that calls the OS ping command with the IP address of the C2 server.<\/p>\n<p>\u201cBy running this, the attackers validate the availability of the server, packet travel time or detect network filtering in the target network,\u201d he said. \u201cThis feature can also be used to detect semi-isolated research environments.\u201d<\/p>\n<p>In August 2017,\u00a0McAfee first identified and <a href=\"https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/android-banking-trojan-moqhao-spreading-via-sms-phishing-south-korea\/\">reported the existence<\/a> of Roaming Mantis.\u00a0At that time, the distribution method was SMS and South Korea was its only target. \u201c[By] April 2018, it had already implemented DNS hijacking and expanded its targets to the wider Asian region,\u201d Ishimaru said.<\/p>\n<p>This latest expansion indicates that the actors behind the malware have no intention of slowing down their attack rate.<\/p>\n<p> READ MORE <a href=\"https:\/\/threatpost.com\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\/132149\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Analysis shows that the malware, previously a banking trojan focused on Android devices, has rapidly evolved just in the past month. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":1085,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[3],"tags":[162,301,687,106,688,689,28,690,29,691],"class_list":["post-1084","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threatpost","tag-android","tag-banking-trojan","tag-coinhive","tag-cryptomining","tag-ios-phishing","tag-languages","tag-malware","tag-mobile-malware","tag-mobile-security","tag-roaming-mantis"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Roaming Mantis Swarms Globally, Spawning iOS Phishing, Cryptomining 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Roaming Mantis Swarms Globally, Spawning iOS Phishing, Cryptomining 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-21T18:58:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"700\" \/>\n\t<meta property=\"og:image:height\" content=\"467\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Roaming Mantis Swarms Globally, Spawning iOS Phishing, Cryptomining\",\"datePublished\":\"2018-05-21T18:58:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\\\/\"},\"wordCount\":948,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining.jpg\",\"keywords\":[\"Android\",\"banking trojan\",\"CoinHive\",\"cryptomining\",\"ios phishing\",\"languages\",\"Malware\",\"mobile malware\",\"Mobile Security\",\"roaming mantis\"],\"articleSection\":[\"Threatpost\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\\\/\",\"name\":\"Roaming Mantis Swarms Globally, Spawning iOS Phishing, Cryptomining 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining.jpg\",\"datePublished\":\"2018-05-21T18:58:18+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining.jpg\",\"width\":700,\"height\":467},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Android\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/android\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Roaming Mantis Swarms Globally, Spawning iOS Phishing, Cryptomining\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Roaming Mantis Swarms Globally, Spawning iOS Phishing, Cryptomining 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\/","og_locale":"en_US","og_type":"article","og_title":"Roaming Mantis Swarms Globally, Spawning iOS Phishing, Cryptomining 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-05-21T18:58:18+00:00","og_image":[{"width":700,"height":467,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Roaming Mantis Swarms Globally, Spawning iOS Phishing, Cryptomining","datePublished":"2018-05-21T18:58:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\/"},"wordCount":948,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining.jpg","keywords":["Android","banking trojan","CoinHive","cryptomining","ios phishing","languages","Malware","mobile malware","Mobile Security","roaming mantis"],"articleSection":["Threatpost"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\/","url":"https:\/\/www.threatshub.org\/blog\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\/","name":"Roaming Mantis Swarms Globally, Spawning iOS Phishing, Cryptomining 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining.jpg","datePublished":"2018-05-21T18:58:18+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining.jpg","width":700,"height":467},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Android","item":"https:\/\/www.threatshub.org\/blog\/tag\/android\/"},{"@type":"ListItem","position":3,"name":"Roaming Mantis Swarms Globally, Spawning iOS Phishing, Cryptomining"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/1084","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=1084"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/1084\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/1085"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=1084"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=1084"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=1084"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}