The Roaming Mantis threat actor group has improved its attack tactic to steal more funds while evading detection. The group is now using whitelisting to spread two new malware families. Researchers suspect that this could be the work of more than one group of attackers working together.