Following attacks on users of Android and iOS in Germany, Taiwan, South Korea, Japan, the US, and the UK, the Roaming Mantis operation turned its attention to France, possibly compromising tens of thousands of devices.
In a recent effort, the threat actor sent SMS to potential victims pleading with them to click on a URL.
The SMS alerts them to a shipment sent to them, which they must check out and arrange for delivery.
The potential victim is sent to a phishing page seeking Apple credentials if they are an iOS user.
Android users are directed to a website that provides the mobile app installation file (an Android Package Kit – APK).
