Smishing Campaign: Roaming Mantis Attacks OS Android Systems With Malware

The corrupted code infects Android users that use either one of the two versions that depend upon variants of operating systems used by attacked systems. The phishing technique incorporated here shares similarities with earlier campaigns, still, the Roaming Mantis URL has the title “post” in composition. A different phishing message impersonates to be a Bitcoin handler and then takes the target to a malicious site (phishing) where the victim is requested to allow an unauthorized login attempt. 

McAfee reports, “During our investigation, we observed the phishing website hxxps://bitfiye[.]com redirect to hxxps://post.hygvv[.]com. The redirected URL contains the word “post” as well and follows the same format as the first screenshot. In this way, the actors behind the attack attempt to expand the variation of the SMS phishing campaign by redirecting from a domain that resembles a target company and service.” Different malware, as a characteristic of the Malware distribution program, is sent which depends upon the Android OS variant that gained login to the phishing site. In Android OS 10 and later variants, malicious Google Play applications will get downloaded. In Android OS 9 and earlier variants, malicious Chrome applications will get downloaded. 

<
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: Smishing Campaign: Roaming Mantis Attacks OS Android Systems With Malware