The rar attachment contains an exe file: the malware itself. Objective: to steal information from the victim.
The Roaming Mantis smishing campaign now targets Europe. Kaspersky cybersecurity experts: the link in the SMS either directs to a phishing page imitating the Apple website or downloads Wroba malware on Android devices.
Roaming Mantis now targets Europe, Kaspersky cybersecurity experts have discovered. The smishing campaign, which hits devices with mobile malware, has added France and Germany as primary targets in addition to Japan, Taiwan and Korea. Typically, the smishing messages contain a very short description and a URL to a landing page. If a user clicks on the link and opens it, there are two scenarios:
- iOS users are redirected to a phishing page imitating the official Apple website;
- Wroba malware is downloaded on Android devices.
Furthermore, the cybercrime gang behind the campaign uses various obfuscation techniques in the landing page script to evade detection, and blocks connections from source IP addresses in non-targeted regions, showing a fake “404” page. The user-agent check evaluates the device, redirecting it to the phishing page if it is iOS-based, or delivering the malicious APK if it is Android-based.
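The per-client branching described above leaves a recognisable pattern in web proxy logs: one host answers Android clients with an APK and everyone else with something different. The following detection sketch is an added example, not code from Kaspersky or from the original article; the host names, log fields and the heuristic itself are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

APK_MIME = "application/vnd.android.package-archive"

# Constructed proxy-log records (host, user agent, status, content type); not real indicators.
SAMPLE_LOG = [
    ("landing.example", "Mozilla/5.0 (Linux; Android 11; Pixel 4) Chrome/96.0 Mobile", 200, APK_MIME),
    ("landing.example", "Mozilla/5.0 (iPhone; CPU iPhone OS 15_1 like Mac OS X) Safari/604.1", 302, "text/html"),
    # Stands in for a blocked client that is shown the fake 404 page.
    ("landing.example", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/96.0", 404, "text/html"),
    ("shop.example", "Mozilla/5.0 (Linux; Android 11; Pixel 4) Chrome/96.0 Mobile", 200, "text/html"),
    ("shop.example", "Mozilla/5.0 (iPhone; CPU iPhone OS 15_1 like Mac OS X) Safari/604.1", 200, "text/html"),
    # A host that serves the same APK to every client is not cloaking.
    ("apps.example", "Mozilla/5.0 (Linux; Android 11; Pixel 4) Chrome/96.0 Mobile", 200, APK_MIME),
    ("apps.example", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/96.0", 200, APK_MIME),
]

def platform(ua):
    """Coarse platform derived from the User-Agent header."""
    if "Android" in ua:
        return "android"
    if "iPhone" in ua or "iPad" in ua:
        return "ios"
    return "other"

def outcome(status, ctype):
    """Reduce a response to the outcome classes the article describes."""
    if status == 404:
        return "404"
    if ctype == APK_MIME:
        return "apk"
    if 300 <= status < 400:
        return "redirect"
    return "page"

def find_cloaking_hosts(records):
    """Return hosts that serve an APK to Android clients only, with the outcomes seen per platform."""
    seen = defaultdict(lambda: defaultdict(set))
    for host, ua, status, ctype in records:
        seen[host][platform(ua)].add(outcome(status, ctype))
    flagged = {}
    for host, by_platform in seen.items():
        others = set().union(*(v for k, v in by_platform.items() if k != "android"))
        if "apk" in by_platform.get("android", set()) and others and "apk" not in others:
            flagged[host] = {k: sorted(v) for k, v in by_platform.items()}
    return flagged
```

A flagged host is a lead for review rather than a verdict, since a legitimate site may also serve platform-specific downloads.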