French cybersecurity publisher Sekoia.IO warns of a phishing SMS campaign targeting France. These messages urge recipients to install software that steals phone data.
Sending and receiving packages is fertile ground for the spread of digital scams. Although this practice has been well identified by Cyber Malveillance, the digital safety and prevention service, it continues. At least that’s what Sekoia.IO observes.
The French cybersecurity publisher, which offers its customers an attack detection service, has identified a phishing campaign based on sending SMS, Numerama reported. The message, which pretends to concern the sending of a package, invites the recipient to click a link.
A group of Chinese hackers
Sekoia.IO has researched how phones behave when faced with this campaign, which targets France but also Japan, South Korea, Taiwan, Germany, the United Kingdom and the United States. It turns out that the link redirects differently depending on the phone model.
“On Android, the user is tricked into downloading a malicious application,” explains Marc Nebout, Cybersecurity Engineer at Sekoia.IO. “On iPhone, it is a phishing scam that asks for Apple IDs in order to retrieve them.”
Once installed, the malicious app MoqHao — the work of Chinese hacker group Roaming Mantis, according to McAfee — asks for permission to access contacts and messages. The aim is to recover this data in order to send new malicious SMS messages.
“By identifying the senders of the intercepted messages, we came up with the number of people with the virus,” says Marc Nebout. “We didn’t see it here, but these types of attacks can result in calls to premium rate numbers to collect money.”
200,000 intercepted SMS sent
On its blog, the French publisher counted 70,000 SMS sent in mid-July, and the figure has now risen to 200,000. Even so, Sekoia.IO found that France is the least affected country.
To increase their chances of success, the attackers localized their attacks: the links sent in France cannot be opened from outside the country. This makes it possible to adapt the language to the target group and thus to camouflage the malicious operation.
“Potential victims will either be very young or old. They will be the least attentive to these issues,” Sekoia.IO’s cybersecurity engineer regrets. “Combating these attacks requires awareness.”
If you receive this SMS or any questionable message, it is best not to click on the links it contains. If you have the MoqHao application installed, you should know that it takes over the functions of the Chrome browser. It is therefore possible to identify and delete it in the settings of your phone. A reset of the device is then recommended.