Roaming Mantis Financial Hackers Targeting Android and iPhone Users in France

2022-07-26 02:58

The mobile threat campaign tracked as Roaming Mantis has been linked to a new wave of compromises directed against French mobile phone users, months after it expanded its targeting to include European countries.

Attack chains involving Roaming Mantis, a financially motivated Chinese threat actor, are known to either deploy a piece of banking trojan named MoqHao or redirect iPhone users to credential harvesting landing pages that mimic the iCloud login page.

"MoqHao is an Android remote access trojan with information-stealing and backdoor capabilities that likely spreads via SMS," Sekoia researchers said.

"The smishing campaign is therefore geofenced and aims to install Android malware, or collect Apple iCloud credentials," the researchers pointed out.

What's more, the malicious app masquerades as the Chrome web browser application to trick users into granting it invasive permissions.

The spyware trojan provides a pathway window for remote interaction with the infected devices, enabling the adversary to stealthily harvest sensitive data such as iCloud data, contact lists, call history, SMS messages, among others.

News URL

https://thehackernews.com/2022/07/roaming-mantis-financial-hackers.html

#android #financial #france #hacker #iphone

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Mantis		1	1	23	10	3	37
Android		4	0	17	2	0	19

News URL

Related news

Related vendor