Android users have been warned of a new scam that utilizes a fake version of the popular Chrome web browser to steal private and personal photos. The latest SMS attack begins with a simple text message indicating that a package has been sent to the recipient but has not been delivered. This is followed by a link that directs the victim to a fake webpage where they are urged to download applications such as Chrome or the delivery company’s Android app. Once installed, the fake applications start installing the malicious software Roaming Mantis, which can wreak havoc on devices and deliver highly personal files to hackers.
Unlike some attacks that target banking information, this latest threat goes directly for your photo album, fully capable of downloading every image from your photos and albums. According to the security team at Kaspersky, a global leader in cybersecurity solutions and services, which first discovered the scam, hackers can then use these photos for significant financial gain. Alongside many users who store images, such as passport photos and banking details, there is also the chance of extorting money from the victim if they have more sensitive, erotic images stored on their devices.
Kaspersky explained that "criminals have two goals in mind; one potential scenario is that the criminals steal details from items such as driver's licenses, health insurance cards, or bank cards, to sign up for contracts with payment services using QR codes or mobile payment services. Criminals can also use stolen photos to make money in other ways, such as sexual extortion."
Roaming Mantis is not new, having been first discovered in parts of Asia in 2018. However, this new warning comes as it seems to be spreading rapidly across Europe, with France and Germany currently being the most affected areas. If you are wondering whether these types of attacks are actually working, the answer is yes. Kaspersky has released data on how often these fake applications are downloaded, indicating that thousands are being deceived every day. In fact, the malicious version of Chrome has now been installed over 65,000 times in France alone.
Speaking about this new threat, Kaspersky stated: "It has been almost four years since Kaspersky first noticed the Roaming Mantis campaign, and since then, the criminal group has continued its offensive activities using various malware. Additionally, the group has now expanded its geography, adding two European countries to the main targeted regions, and we expect these attacks to continue in 2022 due to strong financial motives." The advice is clear: delete any texts if you are unsure of their source, and do not download any applications unless you are certain they are from an official source.
