This week, SEKOIA analysed an ongoing smishing (phishing via SMS) campaign targeting France and used to deploy the MoqHao Android malware, or redirects to a credential harvesting page. We have been monitoring this threat for several months and have just published a FLINT (Flash Intelligence Report) in which you can find an analysis of the campaign, a summary of this threat and details on the Roaming Mantis infrastructure.  Many exclusive Indicators of Compromise (IoCs) related to this campaign can be found in the the Intelligence Center in the [associated page](https://app.sekoia.io/intelligence/objects/campaign--61a6e307-5a5f-4445-b1bc-7894416736d4), as well as for the [MoqHao malware](https://app.sekoia.io/intelligence/objects/malware--143c24fa-ef96-4e62-beca-b27f7da01bd0) and the [Roaming Mantis intrusion set](https://app.sekoia.io/intelligence/objects/intrusion-set--193791f0-42fc-4ff7-8ec5-d20e8a49f92a). Our C2 trackers are proactively collecting network IoCs related to th ese threats. Related Resources: * [FLINT 2022-037 - Ongoing Roaming Mantis smishing campaign targeting France](https://app.sekoia.io/intelligence/objects/report--531014b1-5be2-4c06-ba73-471a74a0494b) * [Roaming Mantis smishing campaign targeting France in June/July 2022](https://app.sekoia.io/intelligence/objects/campaign--61a6e307-5a5f-4445-b1bc-7894416736d4) * [Roaming Mantis intrusion set page](https://app.sekoia.io/intelligence/objects/intrusion-set--193791f0-42fc-4ff7-8ec5-d20e8a49f92a) * [MoqHao malware page](https://app.sekoia.io/intelligence/objects/malware--143c24fa-ef96-4e62-beca-b27f7da01bd0)