Security News > 2022 > July > Roaming Mantis Financial Hackers Targeting Android and iPhone Users in France
The mobile threat campaign tracked as Roaming Mantis has been linked to a new wave of compromises directed against French mobile phone users, months after it expanded its targeting to include European countries.
Attack chains involving Roaming Mantis, a financially motivated Chinese threat actor, are known to either deploy a piece of banking trojan named MoqHao or redirect iPhone users to credential harvesting landing pages that mimic the iCloud login page.
"MoqHao is an Android remote access trojan with information-stealing and backdoor capabilities that likely spreads via SMS," Sekoia researchers said.
"The smishing campaign is therefore geofenced and aims to install Android malware, or collect Apple iCloud credentials," the researchers pointed out.
What's more, the malicious app masquerades as the Chrome web browser application to trick users into granting it invasive permissions.
The spyware trojan provides a pathway window for remote interaction with the infected devices, enabling the adversary to stealthily harvest sensitive data such as iCloud data, contact lists, call history, SMS messages, among others.
News URL
https://thehackernews.com/2022/07/roaming-mantis-financial-hackers.html