Cybersecurity company Sekoia.IO is warning about a scam that is currently very common in France: an SMS asking the recipient to check the delivery and receipt of a package, followed by a link. This scheme, the signature of a group of Chinese hackers called “Roaming Mantis”, is not new. The group has already infected a large number of smartphones and is responsible for mass data theft. Don’t click on their link!
Scam by Chinese hackers via SMS
“Your package has been sent. Please check it and receive it” is a very frequent text message at the moment. It contains a link to check the so-called package. However, this message is a decoy. According to cybersecurity firm SEKOIA, it comes from a group of Chinese hackers called “Roaming Mantis” (a wandering, or travelling, praying mantis).
The group operates in several countries, including Germany, the United States, South Korea, Japan, Great Britain and Taiwan. This time, the attackers ran a campaign in France.
The phishing campaign managed to affect multiple phones in a short time. The link redirects the targeted user to a fake website that looks very professional and closely resembles the real one.
The victim is then asked to fill in their personal information. Fields appear for entering their IDs, passwords, and banking information. The scammers collect all of this in their database to use against the trapped user.
A sophisticated manipulation process
This approach works because potential victims tend to be more trusting when it comes to text messages. These messages are actually received better than an email.
Targeted users are then less likely to question the requests that appear in them, and they fall into the scammer's trap more easily. The scammer's task is also made easier: email providers can filter phishing emails, but text messaging services cannot.
By replying to messages from these Chinese hackers, the user risks:
- Handing over personal data, including payment data. All it takes is an app download or a link to a fake site.
- Triggering premium-rate calls that are used to collect money.
The effects vary depending on the smartphone model
SEKOIA analysed this phishing campaign in France. The investigation conducted by its specialists confirms that following the link does not always lead to the same result.
This is especially true if the phone is not located in France. A device running something other than iOS or Android reacts the same way. In these cases, an “Error 404” message is displayed instead if the user clicks on the fraudulent link.
On a phone running iOS, the link leads to a request for Apple IDs.
“On the iPhone, it’s a phishing attack that asks for Apple IDs in order to retrieve them,” explains Marc Nebout, Cybersecurity Engineer at Sekoia.IO. This is how the data is extracted.
Regarding Android, the specialist says that “the user is encouraged to download a malicious application. It is called MoqHao. It installs itself during a browser update request.”
After you download this app on Android, it asks for access to your contacts. As soon as this is allowed, exactly the same SMS is sent to all your contacts.
Already 200,000 messages sent!
By mid-July, 70,000 SMS had been sent using this modus operandi. But this number has now already exceeded the threshold of 200,000 SMS.
According to Marc Nebout, “The potential victims will be either very young or old. They will be the least attentive to these issues. Combating these attacks requires awareness.”
What to do if you have already clicked on the fraudulent link?
Upon receipt of a strange text message, the best thing you can do is ignore it. Do not respond or click on the link provided. With just one click, attackers will take the opportunity to recover your data.
If you happen to see a questionable application that looks very similar to Google Chrome, question it anyway. You can verify its identity in your settings. Once that is done, you can delete it. It is even recommended that you reset your phone.