A major French cybersecurity group is warning of a new scam campaign. Sekoia.IO stresses that this campaign targets only France and relies on software designed to steal data from the affected phone. Here we explain everything.
The scam technique
This type of campaign is called phishing (hameçonnage in French). In this scam, the goal is to get you to click on a link, and to do that the scammers have to trick you with bait. Here they pretend to be a delivery service. They inform you that a package is on its way or is due to arrive, but that its delivery still has to be confirmed via a link.
The message will say something like “Your package has been shipped. Please check it and receive it”, followed by a link. The URL of this link looks unremarkable. In general, it contains at least the name of the transport company, such as La Poste, Colissimo or DHL. With this simple SMS, the hackers have set up their scam.
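The lure described above can be checked mechanically: a link that names a carrier but is not served from that carrier's own domain is suspect. The following is an added example, not code from Sekoia.IO or from this article; the brand-to-domain allow-list and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Carriers named in the article, mapped to the domain each one is assumed to
# use officially (assumption: replace with your own verified allow-list).
BRANDS = {"laposte": "laposte.fr", "colissimo": "colissimo.fr", "dhl": "dhl.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample messages; the .example hosts are reserved and not real.
SAMPLES = [
    "Votre colis a ete expedie. Confirmez: http://colissimo-suivi.example/track",
    "DHL: suivez votre envoi sur https://www.dhl.com/fr-fr/home/suivi.html",
    "Colis en attente: http://laposte.fr.livraison.example/a.",
]


def is_official(host, domain):
    """True only for the official domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def suspicious_links(sms_text):
    """Return (url, brand) pairs for links that name a carrier in the host or
    path but are not hosted on any carrier's official domain."""
    findings = []
    for url in URL_RE.findall(sms_text):
        url = url.rstrip(".,;:!?)")  # drop sentence punctuation after the URL
        try:
            parts = urlsplit(url)
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        host = (parts.hostname or "").lower().rstrip(".")
        if any(is_official(host, d) for d in BRANDS.values()):
            continue  # genuinely hosted by a listed carrier
        # Remove separators so 'la-poste' or 'la.poste' still matches 'laposte'.
        squashed = re.sub(r"[^a-z0-9]", "", (host + parts.path).lower())
        findings += [(url, brand) for brand in BRANDS if brand in squashed]
    return findings


if __name__ == "__main__":
    for sms in SAMPLES:
        print(suspicious_links(sms) or "no brand-impersonating link", "<-", sms)
```

A link with no carrier name in it passes this check, so it complements sender and content filtering rather than replacing them.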
Sekoia.IO therefore investigated in order to thwart this scam. France is not the first victim of this hacking group: Japan, South Korea, Taiwan, Germany, the United Kingdom, and the United States were also targeted. The link contained in the SMS also behaves differently depending on the phone model. Marc Nebout, a cybercrime engineer at Sekoia.IO, explains: “On Android, the user is tricked into downloading a malicious application. On iPhone, it is phishing that asks for Apple IDs in order to recover them”.
Indeed, this scam mainly aims to get Android users to install a malicious application. It is called MoqHao and was developed by the group of Chinese hackers calling themselves Roaming Mantis. Once installed, it asks for permission to access data such as messages or contacts. The application then has nothing more to do than retrieve everything. Marc Nebout adds: “By identifying the senders of the intercepted messages, we uncovered a number of infected people. We didn’t see it here, but these types of attacks can lead to calls to toll numbers to get money back”.
Lots of booby-trapped SMS messages
The Sekoia.IO blog apparently recorded more than 70,000 SMS messages in only half of July. But that number has grown exponentially to over 200,000. The scam is thus starting to grow in size. However, France remains one of the least affected countries. In fact, if you are located abroad, the scam cannot work: the link only works in metropolitan France, so that the population is addressed in the right language. The cybercrime engineer also adds: “Potential victims are either very young or old. They will be the least attentive to these issues. To counteract these attacks, awareness is required”.
Therefore, if you believe you have been targeted by this scam because you received this type of SMS, do not click on the link contained in the message. And if you notice the presence of MoqHao on your phone, you can uninstall it in your phone settings.