'Roaming Mantis' Android Malware Targeting Europeans via Smishing Campaigns
A financially motivated campaign that has targeted Android devices and spread mobile malware via SMS phishing since at least 2018 has expanded to strike victims located in France and Germany for the first time.
The latest spate of activity from the campaign, dubbed Roaming Mantis and observed in 2021, involves sending fake shipping-related texts containing a URL to a landing page, from which Android users are infected with a banking trojan known as Wroba, whereas iPhone users are redirected to a phishing page that masquerades as the official Apple website.
The top affected countries, based on telemetry data gathered by Kaspersky between July 2021 and January 2022, are France, Japan, India, China, Germany, and Korea.
Also tracked under the names MoqHao and XLoader, the group's activity has continued to expand geographically even as the operators broadened their attack methods to mine cryptocurrency from Apple devices and evade detection.
The primary goal of the campaign is to deploy Wroba, which functions as both spyware and banking malware, with capabilities to replace legitimate apps with malicious versions and steal credentials associated with victims' online bank accounts.
Further analysis of the malware artifacts has revealed a shift in programming language from Java to Kotlin and the addition of two new backdoor commands that allow Wroba to exfiltrate galleries and photos from infected devices.
News URL
https://thehackernews.com/2022/02/roaming-mantis-android-malware.html