MoqHao Malware Makes a Comeback in Roaming Mantis' Smishing Campaign
The MoqHao Malware is a dangerous Android threat that first surfaced in 2017. Back then, it attacked victims in South Korea, and the attackers usually approached their targets through phishing SMS messages, also referred to as 'smishing.' Recently, several other smishing campaigns have caught the attention of malware researchers – those of the SmsSpy Android Malware and the Anatsa Android Malware.
Although MoqHao Malware was believed to be inactive for a while, the malware seems to have made a comeback in 2021 – the Roaming Mantis APT made use of it at the beginning of May. The recent campaign focused on users in Asia, and, surprisingly, this time the attacks were not exclusive to South Korea.
But what is the MoqHao Malware? As mentioned above, it only runs on Android devices. It serves several purposes that enable the attacker to spy on users and steal sensitive data from them. The MoqHao Malware can:
- Steal the victim's contact list, and send out mass SMS spam to those contacts.
- Steal incoming or past text messages.
- Deploy additional malware or Android apps.
- Execute remote commands.
- Display fake phishing websites, which try to steal the user's login credentials.
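A defender's triage sketch for the capability list above, added here as an example and not taken from the original article or from any analysis of MoqHao samples: it parses a decoded AndroidManifest.xml and flags apps whose requested permissions cover the listed behaviours. The capability-to-permission mapping, the review threshold, and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: standard Android permissions an app needs for each listed
# capability. INTERNET is ignored because nearly every app requests it.
CAPABILITY_PERMISSIONS = {
    "read contact list": {"android.permission.READ_CONTACTS"},
    "send SMS": {"android.permission.SEND_SMS"},
    "read incoming/stored SMS": {"android.permission.READ_SMS",
                                 "android.permission.RECEIVE_SMS"},
    "install additional apps": {"android.permission.REQUEST_INSTALL_PACKAGES"},
}

def requested_permissions(manifest_xml):
    """Return every permission name declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def triage(manifest_xml):
    """Map requested permissions to capabilities and decide on manual review."""
    perms = requested_permissions(manifest_xml)
    hits = {cap: sorted(perms & needed)
            for cap, needed in CAPABILITY_PERMISSIONS.items() if perms & needed}
    # Contacts plus outbound SMS is what SMS-based self-spreading requires.
    can_spread = "read contact list" in hits and "send SMS" in hits
    # Assumed threshold: review on the spreading combo or 3+ capabilities.
    return {"capabilities": hits, "sms_spreading_combo": can_spread,
            "review": can_spread or len(hits) >= 3}

# Constructed sample manifests (not from any real app).
SAMPLE_SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.delivery">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
</manifest>"""
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""
```

A permission match only says an app could perform these actions; legitimate messaging apps request the same set, so a flagged app still needs manual review of its origin and behaviour.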
In some of the attacks that involved MoqHao Malware, victims had other banking Trojans present on their devices. Researchers suspect that the MoqHao Malware might be used as a first-stage implant, which determines whether the user is a customer of one of the supported banks or financial institutions (e.g., by checking if they visit particular websites or have a banking app installed). If a match is found, the MoqHao Malware's operators would proceed to deploy suitable malware that will later be used to display phishing overlays.
Nowadays, we use our smartphones for just about anything – online banking, buying things, subscribing to services, sending important documents or private text messages. It is not a surprise that cybercriminals have been gradually switching their focus from Windows systems to Android and iOS devices. You should keep your smartphone or tablet protected with an up-to-date antivirus app – this is the best way to mitigate attacks like the one described above.