Roaming Mantis, the iPhone malware that creates Bitcoin

Kaspersky cybersecurity researchers have discovered an evolution of the Roaming Mantis malware that now targets iPhones to mine Bitcoin

The Roaming Mantis malware has updated itself. After using it to infect Android smartphones and tablets, cybercriminals have modified the source code of their virus to be able to hit iPhone and iPad users as well.

On green robot devices, Roaming Mantis malware was used to steal user data. Once installed, cybercriminals would receive confidential data and information, such as bank account access codes, passwords and documents without the user being able to notice. On iPhone Roaming Mantis behaves differently: it is always spread through phishing messages on our e-mails, but on mobile phones it is structured to secretly generate Bitcoins. Basically, it exploits the computing power of our iPhone to mine cryptocurrencies. Initially, the virus affected iOS users only in Asia but now the malware has spread to Europe and the United States.

Roaming Mantis, the rapidly spreading iPhone virus

Among the main updates of Roaming Mantis virus we find a compatibility with 27 different languages, including English, Spanish, Hebrew, Chinese, Russian and Hindi. Proving that the cyber criminal group behind the cyber attack is trying to hit as many users as possible. The new threat was discovered by Kaspersky Lab researchers, who also noticed a change in the way Roaming Mantis spreads on iOS. To infect iPhones and iPads, a DNS hijacking is implemented, which "forces" unsuspecting users to access compromised versions of popular web portals, thus leading them to download the virus themselves. Often the malicious site faithfully reproduces Apple's "" portal: if the user is not aware of the deception, he is led to enter his credentials, ID code and other confidential information, as well as download the malware.

Not only credential theft but also cryptomining

Credential theft is not the only "side effect" of the new version of Roaming Mantis. As mentioned, part of the malware's code has been rewritten to mine Bitcoin whenever we connect to the Internet via web browsers. According to Kaspersky researchers, a small part of Roaming Mantis has been further modified recently to mine not only Bitcoin but also the other trending cryptocurrency at the moment, namely Monero.