Roaming Mantis Is Now In Europe | With Its Lethal Android Backdoor | Cybersecurity News

The Roaming Mantis Android malware attack has spread across Europe, particularly France. The Wroba RAT (remote access trojan) is distributed as part of the campaign.
According to Kaspersky’s research, it has been upgraded with the capabilities to steal images and galleries from a victim’s device that can open the door to stealing sensitive information from items like driver’s licenses, misusing cached QR codes for online payments, or maybe even blackmail or sextortion.
The Wroba RAT features a function that verifies the device’s area for displaying a phishing website in the corresponding language.
Researchers discovered that for non-targeted areas, the webpage restricts the connectivity from the source IP address. Resultantly, the user is presented with a bogus “404” error page.
Smishing is a common method of spreading the campaign. Smishing messages usually include a summary and a link to a landing website. When a user clicks on the attached URL, one of two things happens.
IOS users are led to a phishing page that looks like the official Apple website, and Android users get the Wroba virus.”
The researchers added that we believe these activities will persist in 2022 due to the obvious high financial motivation.
#Malware #Wroba #Cybersecurity #RoamingMantis #News