Be alert to guard against Roaming Mantis phishing attacks

Roaming Mantis, which is believed to be a financially motivated threat actor, is targeting Apple and Android users in many countries, including the UK.

The threat actor uses SMS communication to lure users into downloading malware on their Android devices. If the potential victim uses iOS, they are redirected to a phishing page for Apple credentials.

The ongoing Roaming Mantis campaign starts with an SMS sent to prospective victims, urging them to follow a URL.

The text message tells recipients that a package has been sent to them and that they need to review it and arrange its delivery.

Android users are pointed to a site that delivers the installation file for a mobile app (an Android Package Kit, or APK). The APK executes and mimics a Chrome installation, requesting risky permissions such as SMS interception, making phone calls, reading and writing storage, handling system alerts, getting the accounts list, and more.

The main purpose of this malware is to steal phone numbers and SMS messages from infected devices. After it runs, the malware pretends to be a Chrome or Google Play app that then requests the default messaging application to read the victim’s contacts and SMS messages. On the latest Android devices, it pretends to be a security service by Google Play.

Please be vigilant and report any issues.
