"French Android And iPhone Users Being Targeted by Roaming Mantis Financial Hackers"
Roaming Mantis, a mobile threat operation, has been linked to a new wave of breaches targeting French mobile phone users, months after expanding its scope to include European countries. According to a study released by Sekoia, the active malware operation is thought to have infected at least 70,000 Android smartphones. Attack chains led by the financially motivated Chinese threat actor Roaming Mantis have been known to exploit the banking trojan MoqHao, also known as XLoader, or to redirect iPhone users to landing pages that harvest credentials by imitating the iCloud login screen. Sekoia researchers say MoqHao is an Android Remote Access Trojan (RAT) with information-stealing and backdoor capabilities that spreads via SMS. The process begins with a phishing SMS (smishing), which lures users with messages about a package delivery that contain malicious links that, when clicked, download the malicious APK file, but only after determining whether the victim is in French territory. If a receiver is located outside of France and their device's operating system is not Android or iOS, the server is programmed to respond with a "404 Not Found" response code. This can be determined by looking at their IP address and User-Agent string. This article continues to discuss the targeting of French Android and iPhone users by Roaming Mantis.