Security News > 2022 > February > Roaming Mantis Expands Android Backdoor to Europe
The Roaming Mantis Android malware campaign has buzzed into Europe, quickly infesting France in particular, where there have been 66,789 downloads of the group's specific remote access trojan as of January.
The campaign pushes the Android RAT known as Wroba onto victim devices.
According to research from Kaspersky, it has been updated with the ability to exfiltrate images and galleries from a victim device, which potentially paves the way for lifting sensitive information from things like drivers' licenses, abusing stored QR codes for payment services, or even for blackmail or sextortion.
"If a user clicks on the link and opens the landing page, there are two scenarios: iOS users are redirected to a phishing page imitating the official Apple website, while the Wroba malware is downloaded on Android devices."
As for the Wroba backdoor itself, the RAT has received two new data-stealing commands: "Get photo" and "Get gallery." This brings the total number of embedded backdoor commands to 21, according to Kaspersky.
"These new backdoor commands are added to steal galleries and photos from infected devices," researchers noted.
News URL
https://threatpost.com/roaming-mantis-android-backdoor-europe/178247/