"Ongoing 'Roaming Mantis' Smishing Campaign Hits Over 70,000 Users in France"

Security researchers at Sekoia warn that a Chinese threat actor group named Roaming Mantis has been targeting Android users in France with the MoqHao malware in a new smishing campaign. The campaign uses phishing SMS messages containing an embedded malicious link to trick unsuspecting victims into downloading malware on their Android devices or into accessing a phishing page designed to harvest Apple login credentials. According to the researchers, Roaming Mantis is financially motivated and based out of China. The group has been observed using the MoqHao malware in attacks targeting entities in Japan, Germany, South Korea, Taiwan, the US, and the UK. Also known as Wroba and XLoader for Android, MoqHao is a remote access trojan (RAT) that provides the threat actor with information-stealing and backdoor capabilities. According to the researchers, the ongoing campaign has already compromised approximately 70,000 Android devices across France. Users outside the country were served an error message when clicking on the malicious link in the SMS message. According to Sekoia, more than 90,000 unique IP addresses were observed sending requests to the C&C server that distributes the malware. The researchers believe that Roaming Mantis could use the collected sensitive data to set up extortion schemes or that it could sell the information to other threat groups.

 

SecurityWeek reports: "Ongoing 'Roaming Mantis' Smishing Campaign Hits Over 70,000 Users in France"

Submitted by Anonymous on