The recent SMS attack begins with a simple text message claiming that a parcel was sent to the recipient but could not be delivered. This is followed by a link that takes the victim to a fake webpage where they are urged to download apps such as Chrome or the delivery company’s Android app.
Once installed, the fake apps start installing the Roaming Mantis malware, which can end up cluttering devices and handing highly personal files over to hackers.
Unlike some attacks — which attempt to access banking information — this latest threat goes straight to your photo album where it’s perfectly capable of downloading every photo and album.
Kaspersky’s security team, which first discovered the scam, says hackers can then use these images for huge financial gain.
Many users store photos of things such as passports and bank card details, and there is also an opportunity to extort money from victims who have X-rated photos stored on their devices.
Kaspersky explained that “criminals have two goals in mind. One possible scenario is that criminals steal details from things like driver’s licenses, health insurance cards, or bank cards, to sign up for contracts with QR code payment services or mobile payment services. Criminals can also use stolen images to get money in other ways, such as sexual extortion.”
Roaming Mantis is nothing new: it was first discovered in parts of Asia in 2018.
However, this new warning was issued because it now appears to be spreading rapidly across Europe, with France and Germany currently the most affected areas.
And if you’re wondering if these types of attacks really work, the answer is yes.
Kaspersky has released data on how often the fake apps have been downloaded, and thousands of people appear to be scammed every day.
In fact, the malicious version of Chrome has now been downloaded more than 65,000 times in France alone.
Speaking about this new threat, Kaspersky said: “It’s been almost four years since Kaspersky first noticed the Roaming Mantis campaign. Since then, the criminal group has continued its offensive activities using various malware. In addition, the group has now expanded its geography, adding two European states to key target areas. We expect these attacks to continue in 2022 due to strong financial motives.”
The advice is arguably clear: delete any text messages if you’re not sure where they come from, and don’t download any apps unless you’re sure they’re from an official source.