Roaming Mantis

Roaming Mantis, a Chinese intrusion set, is assessed to be a financially motivated group with a history of targeting developed countries.

Recently, it has been linked to a series of SMS phishing (smishing) attacks targeting France and Germany, and previously Korea, Japan and Taiwan. Its smishing campaigns target Android devices by spreading malware called MoqHao (alias Wroba, XLoader).

MoqHao (aka Wroba, XLoader for Android) is an Android Remote Access Trojan (RAT) with information-stealing and backdoor capabilities that likely spreads via SMS. 

SEKOIA.IO analysts have been monitoring and tracking this threat since the beginning of 2022. In a blog post, they describe each step of the ongoing smishing campaign and share their investigation of Roaming Mantis' infrastructure.
