Malware Roaming Mantis Devours Thousands of Devices around the World

The Roaming Mantis malware allows attackers to take control of a victim’s device and steal information.

Having already swept through Germany, Taiwan, South Korea, Japan, the US and the UK, Roaming Mantis has now turned to mobile devices in France. Experts suggest that tens of thousands of devices could already be infected.

Let me remind you that we also recently wrote that the operators of the Clipminer botnet "earned" more than $1.7 million, and that the P2P botnet Panchan is attacking Linux servers.

According to experts, Roaming Mantis is a financially motivated hacking group that began attacking Europeans in February 2022. In the latest malware campaign, the attackers use SMS to lure Android users to a phishing page and push them into downloading malware. If the victim is using iOS, they are instead redirected to a page through which the cybercriminals steal their Apple ID credentials.

According to a report by SEKOIA researchers, the Roaming Mantis group tricks Android users into downloading the XLoader payload, a powerful malware that lets the attackers remotely access the victim's device, steal information from it and send SMS spam from it on the victim's behalf.

The current Roaming Mantis campaign targets French users and begins with an SMS message urging potential victims to open an embedded URL.

"The message refers to a parcel sent by the victim, which needs to be reviewed and arranged for its delivery using a special application," SEKOIA experts say.

If the victim downloads the APK, it launches and mimics a Chrome installer, asking for risky permissions such as reading and sending SMS, making phone calls, reading and writing storage, listing the accounts on the device, and more. Afterwards, the C&C configuration is retrieved from a profile on the Imgur site.
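A quick triage check for the dropper described above: an app branded "Chrome" that is not Google's Chrome package and that asks for the SMS, call, storage and accounts permissions at once. This is an added example, not code from the article, from SEKOIA or from the malware. It assumes the APK's manifest has already been decoded to plain XML (for instance with apktool); the sample manifests below are constructed for illustration, and the package name `com.android.chrome` is the one Google ships Chrome under.

```python
"""Flag an Android manifest whose declared permissions match the risky set
the article attributes to the fake 'Chrome' dropper.

Added example; it assumes a manifest already decoded to plain XML.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission groups the article says the APK requests.
RISKY_PERMISSIONS = {
    "sms": {"android.permission.READ_SMS",
            "android.permission.SEND_SMS",
            "android.permission.RECEIVE_SMS"},
    "calls": {"android.permission.CALL_PHONE"},
    "storage": {"android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.WRITE_EXTERNAL_STORAGE"},
    "accounts": {"android.permission.GET_ACCOUNTS"},
}

# Package name Google ships Chrome under (assumption for the brand check).
CHROME_PACKAGE = "com.android.chrome"


def parse_manifest(xml_text):
    """Return (package, application label, set of requested permissions)."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    perms = {e.get(ANDROID_NS + "name", "") for e in root.iter("uses-permission")}
    app = root.find("application")
    label = app.get(ANDROID_NS + "label", "") if app is not None else ""
    return package, label, perms


def triage(xml_text):
    """Score a manifest: which risky groups it hits and whether the Chrome
    branding matches the real Chrome package name."""
    package, label, perms = parse_manifest(xml_text)
    hits = {group: sorted(perms & wanted)
            for group, wanted in RISKY_PERMISSIONS.items() if perms & wanted}
    brand_mismatch = "chrome" in label.lower() and package != CHROME_PACKAGE
    if brand_mismatch and len(hits) >= 3:
        verdict = "suspicious"      # impersonation plus broad spyware permissions
    elif hits:
        verdict = "review"          # risky permissions, but no impersonation
    else:
        verdict = "clean"
    return {"package": package, "label": label, "risky_groups": hits,
            "brand_mismatch": brand_mismatch, "verdict": verdict}


# Constructed sample: a fake "Chrome" asking for the permission set in the article.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakechrome">
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.CALL_PHONE"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Chrome"/>
</manifest>
"""

# Constructed sample: an ordinary app with only network access.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Notes"/>
</manifest>
"""

if __name__ == "__main__":
    for name, text in (("fake chrome", SAMPLE_MANIFEST), ("notes", BENIGN_MANIFEST)):
        print(name, triage(text))
```

The verdict thresholds are a starting point for sorting a batch of sideloaded APKs, not a signature: a legitimate messaging app will also land in "review", which is why the brand mismatch is weighed separately from the permission count.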

If the target is using iOS, they are taken to a phishing page that steals the victim's Apple ID credentials.

Figure: Roaming Mantis attack chain

For visitors outside France, the Roaming Mantis servers return a 404 error and the attack chain stops there.

SEKOIA has confirmed that over 90,000 victims have downloaded XLoader from the attackers' main C&C server so far. The number of iOS users who handed their Apple ID credentials to the hackers is unknown and could be similar or higher.

About the author

Carina Wilson

With more than 10 years of writing experience in online and print media, I am an expert in delivering clear and persuasive copy.

I have written articles for a leading SEO copywriting agency, as well as for some of the UK's best-known brands, magazines and newspapers.
