Select Page

A financially motivated campaign that targets Android devices and spreads mobile malware via SMS phishing techniques since at least 2018 has spread its tentacles to strike victims located in France and Germany for the first time.

Dubbed Roaming Mantis, the latest spate of activities observed in 2021 involve sending fake shipping-related texts containing a URL to a landing page from where Android users are infected with a banking trojan known as Wroba whereas iPhone users are redirected to a phishing page that masquerades as the official Apple website.

The top affected countries, based on telemetry data gathered by Kaspersky between July 2021 and January 2022, are France, Japan, India, China, Germany, and Korea.

Also tracked under the names MoqHao and XLoader (not to be confused with the info-stealer malware of the same name targeting Windows and macOS), the group’s activity has continued to expand geographically even as the operators broadened their attack methods to mine cryptocurrency from Apple devices and evade detection.

images from Hacker News