Smishing Campaign: Roaming Mantis Attacks OS Android Systems With Malware

A smishing campaign known as Roaming Mantis has been impersonating a logistics firm to steal SMS messages and contact lists from Android users in Asia since 2018. Last year, Roaming Mantis increased the campaign's impact by adopting dynamic DNS services and sending messages with phishing URLs that infected targets with a fake Chrome extension, “MoqHao.” Since the start of 2021, the McAfee Mobile Research Team has confirmed that the group is attacking users in Japan with its latest malware, named SmsSpy.

The malicious code infects Android users with one of two versions, depending on the operating system version running on the targeted device. The phishing technique shares similarities with earlier campaigns, but the Roaming Mantis URL includes the word “post” in its composition. A different phishing message impersonates a Bitcoin handler and then takes the target to a phishing site, where the victim is asked to allow an unauthorized login attempt.
McAfee reports, “During our investigation, we observed the phishing website hxxps://bitfiye[.]com redirect to hxxps://post.hygvv[.]com. The redirected URL contains the word “post” as well and follows the same format as the first screenshot. In this way, the actors behind the attack attempt to expand the variation of the SMS phishing campaign by redirecting from a domain that resembles a target company and service.” As a characteristic of the malware distribution program, the malware delivered differs depending on the Android OS version of the device that accessed the phishing site. On Android OS 10 and later, malicious Google Play applications are downloaded. On Android OS 9 and earlier, malicious Chrome applications are downloaded.