The French cybersecurity firm Sekoia.IO warns of an SMS phishing campaign targeting France. The messages push recipients to install software that steals data from the phone.
Parcel sending and delivery is fertile ground for digital scams. Although the practice is well identified by Cyber Malveillance, the digital security assistance and prevention service, it persists. At least that’s what Sekoia.IO observes.
The French cybersecurity firm, which offers an attack detection service to its customers, has identified a phishing campaign conducted by SMS, Numerama reported. Posing as a package delivery notice, the message invites the recipient to click on a link.
A group of Chinese hackers
Sekoia.IO investigated how phones behave when exposed to this campaign, which targets France as well as Japan, South Korea, Taiwan, Germany, the United Kingdom and the United States. It turns out that the link redirects differently depending on the phone model.
“On Android, the user is tricked into downloading a malicious application,” explains Marc Nebout, cybersecurity engineer at Sekoia.IO. “On iPhone, it’s a phishing scam that asks for Apple IDs to retrieve them.”
Once installed, the malicious app MoqHao – the work of Chinese hacker group Roaming Mantis according to McAfee – asks for permission to access contacts and messages. The objective is to harvest this data in order to send further malicious SMS messages.
“By identifying the senders of the trapped messages, we came across the numbers of individuals with the virus,” says Marc Nebout. “We haven’t seen it here, but these types of attacks can lead to calls to premium-rate numbers in order to recover money.”
200,000 trapped SMS sent
On its blog, the French firm counted 70,000 SMS sent in mid-July, but the number has since risen to 200,000. Even so, France is the least affected country, Sekoia.IO found.
To increase their chances of success, the attackers have localized their attacks. Links sent in France cannot be opened from outside the country. This makes it possible to adapt the language to the target population, and therefore to camouflage the malicious operation.
“Potential victims are going to be either very young or old. They will be the least alerted to these subjects,” laments the Sekoia.IO cybersecurity engineer. “To combat these attacks, awareness is needed.”
If you receive this SMS, or any questionable message, the best course is not to click on the links it contains. If you have installed the MoqHao application, note that it takes on the appearance of the Chrome browser. It is therefore possible to identify and delete it in your phone’s settings. A reset of the device is then recommended.
Source: BFM TV