French cybersecurity publisher Sekoia.IO warns of an SMS phishing campaign targeting France
These messages prompt you to install software that steals phone data.
Sending and receiving parcels is fertile ground for the proliferation of digital scams. Although it is well recognized by Cyber Malice, the Digital Security Assistance and Prevention Service, this practice is still ongoing. At least that’s what Sekoia.IO observes.
The French cybersecurity publisher, which provides an attack detection service to its clients, has identified a phishing campaign based on sending SMS messages. Numerama. The message invites you to click on a link, under the pretext of a package delivery.
A group of Chinese hackers
Sekoia.IO investigated how phones behave when faced with this campaign, which targets France, but also Japan, South Korea, Taiwan, Germany, the United Kingdom and the United States. The connection is routed differently depending on the phone model.
“On Android, the user is tricked into downloading a malicious app,” explains Sekoia.IO Cyber Security Engineer Mark Nebot. On the iPhone, it’s a phishing scam that asks you to restore Apple IDs.
Once installed, the malicious app MoqHao, which McAfee attributes to the Chinese hacker group Roaming Mantis, asks permission to access contacts and messages. The aim is to recover this data in order to send new malicious SMS messages.
“By identifying the senders of the infected messages, we saw the number of people infected with the virus,” says Mark Nebot. We didn’t see it here, but these types of attacks lead to calls to premium toll numbers to recover money.
200,000 intercepted SMS sent
On its blog, the French publisher counted 70,000 text messages sent in mid-July, but this number has increased to 200,000. Despite everything, France was the least affected country, Sekoia.IO found.
To increase their chances of success, the attackers have localized their attacks. As a result, links sent in France cannot be opened from outside the country. This makes it possible to adapt the language to the target population and therefore hide the malicious activity.
“Victims are going to be very young or very old. They have very little caution in these matters,” lamented Sekoia.IO’s cyber security engineer. “To combat these attacks, awareness is needed.”
If you receive this SMS or any other suspicious message, it is better not to click on the links in it. If you have installed the MoqHao app, be aware that it takes on the attributes of the Chrome browser, so you can identify it and delete it in your phone’s settings. It is recommended to reset the device.