https://thehackernews.com/2024/02/new-variant-of-moqhao-android-malware.html #Cybercrime #Malware #Android #MoqHao
Dang. #MoqHao now even got an autopilot #phishing #cybersecurity #malware #android #sms
https://thehackernews.com/2024/02/new-variant-of-moqhao-android-malware.html
This blog post is *really* interesting: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/moqhao-evolution-new-variants-start-automatically-right-after-installation/
So, now, Android malware can automatically execute after installation. They need not be launched by the end-user.
The malware uses the "ContactDirectory" direction feature which is checked at install time.
Hey :)
Yesterday we published the third blog about our #MoqHao analysis. We detected at least 1.5 million victims since the end of 2022, and now every continent is targeted, etc.
IOCs (+port pairing 🍷) and TTPs here: https://team-cymru.com/post/moqhao-part-3-recent-global-targeting-trends
Introduction: This blog post is part of an ongoing series of analysis on MoqHao (also referred to as Wroba and XLoader), a malware family commonly associated with Roaming Mantis. MoqHao is generally used to target Android users, often via an initial attack vector of phishing SMS messages (smishing). The threat group behind Roaming Mantis are characterized as Chinese-speaking and financially motivated; first public acknowledgement goes back to around 2018. The group has historically targeted count