‘Roaming Mantis’ Android Malware Targeting Europeans via Smishing Campaigns

A financially motivated campaign that has targeted Android devices and distributed mobile malware via SMS phishing since at least 2018 has spread its tentacles to strike victims located in France and Germany for the first time.

The campaign is dubbed Roaming Mantis, and its latest spate of activity, observed in 2021, involves sending fake shipping-related texts containing a URL to a landing page. From there, Android users are infected with a banking trojan known as Wroba, whereas iPhone users are redirected to a phishing page that masquerades as the official Apple website.

The top affected countries, based on telemetry data gathered by Kaspersky between July 2021 and January 2022, are France, Japan, India, China, Germany, and Korea.

Also tracked under the names MoqHao and XLoader (not to be confused with the info-stealer malware of the same name targeting Windows and macOS), the group’s activity has continued to expand geographically even as the operators broadened their attack methods to mine cryptocurrency from Apple devices and evade detection.

The primary goal of the campaign is to deploy Wroba, which functions as both spyware and banking malware, with capabilities to replace legitimate apps with malicious versions and steal credentials associated with victims’ online bank accounts.

Further analysis of the malware artifacts has revealed a shift in programming language from Java to Kotlin and the addition of two new backdoor commands that allow Wroba to exfiltrate galleries and photos from infected devices.

“One possible scenario is that the criminals steal details from such things as driver’s licenses, health insurance cards or bank cards, to sign up for contracts with QR code payment services or mobile payment services,” the researchers said. “The criminals are also able to use stolen photos to get money in other ways, such as blackmail or sextortion.”
