Security News > 2022 > July > Roaming Mantis hits Android and iOS users in malware, phishing attacks

Taiwan, South Korea, Japan, the US, and the U.K. the Roaming Mantis operation moved to targeting Android and iOS users in France, likely compromising tens of thousands of devices.
Roaming Mantis is believed to be a financially-motivated threat actor that started targeting European users in February.
In a recently observed campaign, the threat actor uses SMS communication to lure users into downloading malware on their Android devices.
In a report published today, researchers at cybersecurity company SEKOIA say that the Roaming Mantis group is now dropping on Android devices the XLoader payload, a powerful malware that counts features such as remote access, information stealing, and SMS spamming.
The ongoing Roaming Mantis campaign is targeting French users and starts with an SMS sent to prospective victims, urging them to follow a URL. The text message informs about a package that has been sent to them and which they need to review and arrange its delivery.
The number of iOS users who have handed over their Apple iCloud credentials on the Roaming Mantis phishing page is unknown and could be the same or even higher.
News URL
Related news
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- iOS devices face twice the phishing attacks of Android (source)
- SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps (source)
- New Android malware steals your credit cards for NFC relay attacks (source)
- SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- BadBox malware disrupted on 500K infected Android devices (source)
- North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)