Analysis of the ongoing Roaming Mantis campaign targeting France 📱

This week, SEKOIA analysed an ongoing smishing (phishing via SMS) campaign targeting France and used to deploy the MoqHao Android malware, or redirects to a credential harvesting page. We have been monitoring this threat for several months and have just published a FLINT (Flash Intelligence Report) in which you can find an analysis of the campaign, a summary of this threat and details on the Roaming Mantis infrastructure. ![img_flint_roaming_mantis1.png](BASE/products/901462981/changelog/11411/inline-71266f97a548eff3c7dc9fcb7971be39.jpg) Many exclusive Indicators of Compromise (IoCs) related to this campaign can be found in the the Intelligence Center in the [associated page](https://app.sekoia.io/intelligence/objects/campaign--61a6e307-5a5f-4445-b1bc-7894416736d4), as well as for the [MoqHao malware](https://app.sekoia.io/intelligence/objects/malware--143c24fa-ef96-4e62-beca-b27f7da01bd0) and the [Roaming Mantis intrusion set](https://app.sekoia.io/intelligence/objects/intrusion-set--193791f0-42fc-4ff7-8ec5-d20e8a49f92a). Our C2 trackers are proactively collecting network IoCs related to th ese threats. Related Resources: * [FLINT 2022-037 - Ongoing Roaming Mantis smishing campaign targeting France](https://app.sekoia.io/intelligence/objects/report--531014b1-5be2-4c06-ba73-471a74a0494b) * [Roaming Mantis smishing campaign targeting France in June/July 2022](https://app.sekoia.io/intelligence/objects/campaign--61a6e307-5a5f-4445-b1bc-7894416736d4) * [Roaming Mantis intrusion set page](https://app.sekoia.io/intelligence/objects/intrusion-set--193791f0-42fc-4ff7-8ec5-d20e8a49f92a) * [MoqHao malware page](https://app.sekoia.io/intelligence/objects/malware--143c24fa-ef96-4e62-beca-b27f7da01bd0)