Beware of this SMS parcel scam that is wreaking havoc this summer

Mathilde Rochefort

August 08, 2022 at 11:30 a.m.


© Daniel Romero / Unsplash

A vast phishing campaign carried out by Chinese hackers is currently affecting many people in France. More than 200,000 malicious SMS messages have already been sent since the beginning of the summer.

This is a well-known scam. It works by sending an SMS that reads “Your package has been sent. Please check it and receive it.” and that also contains a fraudulent link.

A malware offering access to your personal data to hackers

When the victim clicks on this link, they are offered a browser update, which triggers the download of malware called “MoqHao”, explains Sekoia, a company specializing in cybersecurity that spotted the phishing campaign.

Example of the message sent by hackers © Sekoia

“After the victim downloads and runs the malware, the app asks for permission to read and send SMS. This permission allows the malware, among other things, to intercept text messages from victims’ mobile phones. It should be noted that the studied sample of MoqHao imitates the Chrome application to trick the victim into giving this permission”, explains the firm.

Around 70,000 Android devices have been affected by the malware in France, and the affected smartphones may themselves be the source of the SMS being sent to other potential victims. Note that the link does not work for people outside of France. The group behind the scam, Roaming Mantis, specializes in the theft of bank data, and in particular login identifiers.

Cybercriminals are currently focusing on France

Roaming Mantis was identified by McAfee in 2017. Based in China, the hacker group acts primarily out of financial motivation and is currently focused on France, “as reported by Kaspersky and Team Cymru in early 2022, and based on our observation of over 90,000 unique IPs that requested the C2 server distributing MoqHao”, continues Sekoia.

However, campaigns using the MoqHao malware, designed by the cybercriminals themselves, have also targeted Japan, South Korea, Taiwan, Germany, the United Kingdom and the United States. Many victims located in France report the phishing scam on specialized sites as well as on Twitter, so be vigilant.

Sources: Numerama, Sekoia
