Topic: Roaming Mantis On Android And IOS Devices - Be Careful Out there. (Read 110 times)

I think you are one lucky fellow, for me, 95 percent of all my cryptocurrency transactions are carried out using a smartphone, Not that i like it so but for several reasons,  I will just mention two--
1. I am a very busy person, and spend most of my day time on the road, I find smartphone in this case very convenient as it helps me carry out my transactions on the go.
2. The country I live in is one faced with a serious epileptic power supply, I need electricity to run my PC, and most times, when I get home and there is no electricity, and am too tired to turn on my generator, I just turn to my smartphone to carry out what ever kind of transaction I need to carry out online.

In the end, you discover that a lot of peeps all over the world spend more time online through their smartphone, far more than they do through their PC.

Exactly the goal, Everybody cannot possibly come across this thread, or even the source from where the i got to know about this threat, but then, i believe that the few that have come across this and know it exists, have exempted themselves from being victims to this attack.

First, I must confess that I download a lot of apps, but so also do I delete a lot too  , my phone being one with over 200 gigabyte inbuilt memory gives my that ability to download as many apps as I want, but then, I still end up deleting a lot of them too, and for ones I really like, I turn off the permissions I don't like to give instead of deleting the app.
But then, the prove that those permissions are really turned off when a user turn them off,  I think is a discussion for another day.

Probably only a matter of time before this spreads to other countries... and things could be a bit trickier for some ppl  if they start pairing this with SMS spoofing where scammers uses the same sender ID as legitimate companies, for instance: Scammers successfully send SMS phishing links using SingPost name, nestled within actual SingPost texts (Singpost = postal service in Singapore)

In any case, anyone should be fine if they don't click unsolicited/unknown links and don't download unknown/random apps.

Though I don't mix crypto with smartphones anymore, I appreciate the warning.

One would hope that people in the crypto space would be savvy enough not to even open text messages, much less follow an unknown one wherever it leads to, I'm sure there's some kind of bell curve for security-mindedness when it comes to the crypto-using population as a whole, and thus there are some people who'd get scammed by methods like this.  Hopefully any potential victims will stop by this thread and read it if they weren't aware of this Mantis thing.

This crap is scary, man.  I don't download a lot of apps, but when I do and I see all the permissions they ask for, sometimes I just uninstall them even if they're ones I'd really like to use (and yeah, I don't usually check beforehand).  Ugh.

I found this information Online and I thought it wise to share it with the community, Most especially to our French brothers and sisters, since most of our Bitcoin transactions are done through a smartphone, we can never be too careful with securing and keeping our smartphones safe from malware infection, as getting infected can easily lead to cryptocurrency wallet hack, loss of fund and private information.
Mod, incase this is not the right board to post this, please help move it to the right board.


Roaming Mantis is a smartphone threat that uses SMS messages to lure its victims into downloading malware on their Android devices, if the potential victim uses iOS, he or she will be redirected to a phishing page where he or she will be lured into submitting his or her Apple credentials.

In a report, researchers from a cybersecurity company known as SEKOIA confirmed that this threat is currently targeting French smartphone users, in the report, they made it known that Roaming Mantis lures Android users into downloading a malware app known as MoqHao payloader, this malware is said to be very powerful and features such as -
-Remote access
-Information stealing
-SMS spamming

How Does Roaming Mantis Operate?
Like i said before, this threat is currently targeting French users, and it starts with an SMS to the prospective victim urging them to follow a URL, in the SMS, they tell you someone has sent you a package, and you need to review it and submit your details so that the package can be delivered to you.
If the user is located in France and are using an iOS device, they are directed to a phishing page that steals Apple credentials. Android users are pointed to a site that delivers the installation file for a mobile app, (an Android Package Kit - APK).
For users outside France, Roaming Mantis' servers show a 404 error and the attack stops.


The downloaded Malware has some risky permissions such as -
-SMS interception
-Making phone calls
-Reading and writing storage
-Handling system alert
-getting account list
-and more.