The cybersecurity company Sekoia.IO has denounced a scam that is currently very common in France. It is an SMS asking the recipient to verify the delivery and receipt of a parcel, followed by a link. This modus operandi, the signature of a group of Chinese hackers called "Roaming Mantis", is not recent. The group has already infected a large number of smartphones and is responsible for mass data theft. Don't click on their link!
SMS fraud from Chinese hackers
SMS messages reading "Your package has been sent. Please check and receive it" are very common at the moment. The message contains a link to verify the alleged package. However, this message is a decoy. According to SEKOIA, a cybersecurity investigative agency, it reportedly comes from a Chinese hacker group called "Roaming Mantis".
The latter operates in many countries such as Germany, the United States, South Korea, Japan, the United Kingdom, Taiwan, etc. This time the attackers campaigned in France.
In a short time, the phishing campaign managed to compromise multiple phones. The link redirects the targeted user to a fake website that looks very professional and resembles the real one.
The victim is then asked to enter personal data. A form is displayed for identifiers, passwords and banking information. The scammers collect all of this in their database, to the detriment of the trapped user.
A complex process
This method works because potential victims tend to be more trusting when it comes to text messages. These messages are, in fact, better received than email.
Targeted users therefore tend not to question the requests that appear in them, so victims fall more easily into the scammer's trap. The scammer's task is also made easier: email providers can filter phishing emails, but SMS services can't.
By responding to messages from these Chinese hackers, the user risks the following:
- Transfer of personal data, including payment data. All it takes is downloading an app or following a link to a scam page.
- Premium-rate calls made to raise money.
Effects vary depending on the smartphone model
SEKOIA analyzed this phishing campaign in France. The investigation conducted by its specialists confirms that the link does not always lead to the same result.
This is especially the case if the phone is not located in France. A device running something other than iOS or Android will react the same way: it will display an "Error 404" message when the user clicks on the fraudulent link.
In the case of a phone running iOS, the link leads to a request for Apple IDs.
"On the iPhone, this is a phishing attack that asks for Apple IDs in order to recover them," explains Mark Neibott, cybersecurity engineer at Sekoia.IO. This is how the data is extracted.
For Android, the specialist says: "The user is encouraged to download a malicious app. The latter calls itself MoqHao. It installs itself during an update request from the browser."
After this app is downloaded on Android, it will ask for access to your contacts. Once allowed, it will send exactly the same SMS to all your contacts.
Already 200,000 booby-trapped messages!
As of mid-July, 70,000 text messages had been sent following this modus operandi. Right now, this number has already crossed the 200,000 text message threshold.
According to Mark Nebot, “Potential victims will be either young or old. They will be the least alert on these topics. To combat these attacks, awareness is needed.”
What do you do if you have already clicked on the fraudulent link?
If you receive a strange text message, the best thing to do is ignore it. Do not reply to it or click on the link provided. Attackers will gladly recover your data with just one click.
If you notice a questionable app that looks very similar to Google Chrome, be suspicious of it. You can confirm its identity in your settings. Once this is done, you can proceed to delete it. It is recommended to reset your phone.