The Roaming Mantis SMS phishing campaign is now targeting Android and iPhone users in Europe with malicious apps and phishing pages.

Many people think about phishing as a email only based threat but that is not true at all. Other communication channels such as phone calls or text/sms messages are just as dangerous. SMS in particular is the same concept as a email. The victim receives a link and when they click it, they are redirected to a malicious website designed to compromise mobile devices. The Roaming Mantis SMS phishing campaign is just one of the many examples of how SMS is a vulnerability to phishing for many organizations. The following article speaks about the Roaming Mantis SMS threat. This comes form a article on securityaffairs found HERE. Here is that article ….

Roaming Mantis surfaced in March 2018 when hacked routers in Japan redirecting users to compromised websites. Roaming Mantis is a credential theft and malware campaign that leverages smishing to distribute malicious Android apps in the format of APK files.

Investigation by Kaspersky Lab indicates that the attack was targeting users in Asia with fake websites customized for English, Korean, Simplified Chinese and Japanese. Most impacted users were in Bangladesh, Japan, and South Korea.

The latest wave of attacks aimed at spreading phishing links via SMS messages (SMiShing), most of the victims were users in Russia, Japan, India, Bangladesh, Kazakhstan, Azerbaijan, Iran, and Vietnam.

Now the Roaming Mantis SMS phishing campaign is targeting Android and iPhone users in Germany and France with malicious apps and phishing pages.

Starting from April 2019, the campaign started using a new landing page to target iOS devices in the attempt to trick victims into installing a malicious iOS mobile configuration.

The configuration allows the launch of the phishing site in a web browser and to gather information from the target device.

In recent Roaming Mantis campaigns, operators employed a trojan dubbed ‘Wroba‘ in attacks aimed at users in France and Germany. The infection chain starts with an SMS containing

“Our latest research into Roaming Mantis shows that the actor is focusing on expanding infection via smishing to users in Europe. The campaign in France and Germany was so active that it came to the attention of the German police and French media. They alerted users about smishing messages and the compromised websites used as landing pages.” reads the analysis published by Kaspersky.

The infection chain starts with an SMS text on the target device, which contains a warning message about a shipped package with an included URL.

Upon clicking on the link, a victim is redirected to a phishing page designed to steal the user’s Apple login credentials.

see the full article at Roaming Mantis SMSishing campaign now targets EuropeSecurity Affairs

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.