iPhone, Android phone users beware of this app! Vicious Roaming Mantis Phishing scam hit 10000 people

tech.hindustantimes.com:

The Roaming Mantis Phishing Scam has attacked over 10000 iPhone and Android phone users in France. It is believed to be a financially-motivated malware that started attacking European users and stealing their money in February 2022. And now it has been found to be very active in France. As reported by cybersecurity company SEKOIA, the Roaming Mantis group sends a dangerous malware called XLoader (MoqHao) to devices via SMS and trick users into downloading malware containing apps on their Android devices. iPhone users are redirected to a phishing page for Apple credentials. The report says that this malware can get remote access and also does SMS spamming.

SEKOIA shared that the Roaming Mantis campaign first sends an SMS to the targeted users, urging them to follow a URL. The text message contains information about a package that has been sent to them and the users need to review and arrange its delivery. And if the users are using an iPhone or other iOS devices, they are directed to a phishing page that steals users' Apple credentials while Android users are redirected to a site that delivers the installation file for a mobile app, (an Android Package Kit - APK).

The APK further mimics a Chrome installation, asking for permissions to access SMS, phone calls, reading and writing storage, handling system alerts, getting accounts list, and more. Once the permissions are granted by innocent and unwary victims, the malware enters the phone and steals all the crucial data. Permission to Apple iPhone IDs’ credential provides Roaming Mantis access to data from the local system, like SD card, applications, messages or contact list, iCloud backups, iMessage, call history. It even allows attackers to establish remote interaction with