Analysis of the ongoing Roaming Mantis campaign targeting France 📱

This week, SEKOIA analysed an ongoing smishing (phishing via SMS) campaign targeting France and used to deploy the MoqHao Android malware, or redirects to a credential harvesting page. We have been monitoring this threat for several months and have just published a FLINT (Flash Intelligence Report) in which you can find an analysis of the campaign, a summary of this threat and details on the Roaming Mantis infrastructure. ![img_flint_roaming_mantis1.png](BASE/products/901462981/changelog/11411/inline-71266f97a548eff3c7dc9fcb7971be39.jpg) Many exclusive Indicators of Compromise (IoCs) related to this campaign can be found in the the Intelligence Center in the [associated page](, as well as for the [MoqHao malware]( and the [Roaming Mantis intrusion set]( Our C2 trackers are proactively collecting network IoCs related to th ese threats. Related Resources: * [FLINT 2022-037 - Ongoing Roaming Mantis smishing campaign targeting France]( * [Roaming Mantis smishing campaign targeting France in June/July 2022]( * [Roaming Mantis intrusion set page]( * [MoqHao malware page](