The Roaming Mantis risk group distributes a widely known Android malware household known as “MoqHao.” This malware household has been beforehand reported to be concentrating on Asian international locations reminiscent of Korea and Japan. Although the distribution methodology stays the identical, the brand new variants use a really harmful approach.
Sometimes, the MoqHao malware requires person interplay to put in and launch the app. Nonetheless, the brand new variant of this malware doesn’t require any execution.
Android is at the moment protected with Google Play Shield, which is the default app scanner that warns customers or blocks functions that comprise malicious habits.
Forestall malware from infecting your community on the supply stage by intercepting malicious recordsdata in transit from their supply to the goal gadget’s net browser..
Android MoqHao Malware
As a part of the distribution, the risk actors ship a malicious phishing SMS message to the customers, which is able to comprise a malicious shortened hyperlink. The gadget downloads the malicious software as soon as the person clicks on the hyperlink.
This new variant has a number of totally different behaviors when in comparison with the earlier variants of this malware, because it launches routinely after set up with out person interplay.
Android safety checks an put in software and the precise worth utilized by that software, which have to be distinctive. The risk actors are abusing this specific function to auto-executing the applying with out person interplay.
Furthermore, the risk actors additionally use social engineering strategies to set this malicious app as a default SMS app. Additional investigations additionally revealed that the malware has been prolonged with targets, together with international locations like South Korea, France, Germany, and India.
Moreover, this variant connects with a C2 server by WebSocket. This new malware has been added with a number of different instructions for checking SIM state, sending SMS messages to different contacts and C2 servers, setting Sound/Vibrate/Silent mode, and varied different functions.
| Command | Description |
| getSmsKW | Ship entire contacts to the C2 server |
| sendSms | Ship SMS messages to somebody |
| setWifi | Allow/disable Wifi |
| gcont | Set Vibrate/Silent mode in accordance with the SDK model |
| lock | Retailer Boolean worth in “lock” key in SharedPreferences |
| bc | Test SIM state |
| setForward | Retailer String worth in “fs” key in SharedPreferences |
| getForward | Get String worth in “fs” key in SharedPreferences |
| hasPkg | Test the precise package deal put in on the gadget |
| setRingerMode | Set Sound/Vibrate/Silent mode |
| setRecEnable | Emulate the House button click on |
| reqState | Ship gadget data (Community, Energy, MAC, Permission) to C2 server |
| showHome | Name a particular quantity with a Silent mode |
| getnpki | Ship Korean Public Certificates (NPKI) to C2 server |
| http | Ship HTTP requests |
| name | Get the record of put in packages |
| get_apps | Ship all images to the C2 server |
| ping | Test C2 server standing |
| getPhoneState | Get distinctive data reminiscent of IMEI, SIM quantity, Android ID, and serial quantity |
| get_photo | Ship all images to C2 server |
McAfee supplies complete data in regards to the malware, together with particulars on its supply code, strategies used to deploy it, targets which have been affected by it, and different necessary insights.
Indicators of Compromise
| SHA256 | Utility Title | Package deal Title |
| 2576a166d3b18eafc2e35a7de3e5549419d10ce62e0eeb24bad5a1daaa257528 | chrome | gb.pi.xcxr.xd |
| 61b4cca67762a4cf31209056ea17b6fb212e175ca330015d804122ee6481688e | chrome | malmkb.zdbd.ivakf.lrhrgf |
| b044804cf731cd7dd79000b7c6abce7b642402b275c1eb25712607fc1e5e3d2b | chrome | vfqhqd.msk.xux.njs |
| bf102125a6fca5e96aed855b45bbed9aa0bc964198ce207f2e63a71487ad793a | chrome | hohoj.vlcwu.lm.ext |
| e72f46f15e50ce7cee5c4c0c5a5277e8be4bb3dd23d08ea79e1deacb8f004136 | chrome | enech.hg.rrfy.wrlpp |
| f6323f8d8cfa4b5053c65f8c1862a8e6844b35b260f61735b3cf8d19990fef42 | chrome | gqjoyp.cixq.zbh.llr |
Keep up to date on Cybersecurity information, Whitepapers, and Infographics. Comply with us on LinkedIn & Twitter.
USB C to Lightning Cable 1M [Apple MFi Certified] iPhone Fast Charger Cable USB-C Power Delivery Charging Cord for iPhone 14/13/12/12 PRO Max/12 Mini/11/11PRO/XS/Max/XR/X/8/8Plus/iPad
₹699.00 (as of February 11, 2024 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Redmi 12 5G Moonstone Silver 6GB RAM 128GB ROM
₹12,999.00 (as of February 11, 2024 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
CP PLUS 3 MP Full HD Smart Wi-fi CCTV Camera | 360° Pan & Tilt | View & Talk | Motion Alert | Night Vision | SD Card (Up to 128 GB) | Alexa & OK Google | 2-Way Talk | IR Distance 10Mtr | CP-E35A
₹1,299.00 (as of February 11, 2024 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
boAt Newly Launched Airdopes 121 V2 Plus TWS in Ear Earbuds with 50 Hrs Playtime,Quad Mics W/Enx Tech,ASAP Charging, Beast Mode(50Ms Low Latency),Btv5.3 & Ipx4(Active Black)
₹1,399.00 (as of February 11, 2024 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
TECNO POP 8 (Mystery White,(8GB*+64GB)|90Hz Punch Hole Display with Dynamic Port & Dual Speakers with DTS| 5000mAh Battery |10W Type-C| Side Fingerprint Sensor| Octa-Core Processor
₹6,599.00 (as of February 11, 2024 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Ambrane Unbreakable 3A Fast Charging 1.5m Braided Type C Cable for Smartphones, Tablets, Laptops & other Type C devices, 480Mbps Data Sync, Quick Charge 3.0 (RCT15A, Black)
₹199.00 (as of February 11, 2024 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
HP 680 Original Ink Advantage Cartridge (Black)
₹886.00 (as of February 11, 2024 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Portronics Ruffpad 8.5E Re-Writable LCD Writing Pad with Screen 21.5cm (8.5-inch) for Drawing, Playing, Handwriting Gifts for Kids & Adults, India's first notepad to save and share your child's first creatives via Ruffpad app on your Smartphone(Black)
₹199.00 (as of February 11, 2024 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Logitech B170 Wireless Mouse, 2.4 GHz with USB Nano Receiver, Optical Tracking, 12-Months Battery Life, Ambidextrous, PC/Mac/Laptop - Black
₹499.00 (as of February 11, 2024 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Seagate Expansion 1TB External HDD - USB 3.0 for Windows and Mac with 3 yr Data Recovery Services, Portable Hard Drive (STKM1000400)
₹4,973.00 (as of February 11, 2024 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Toshiba Canvio Basics 2TB Portable External Hard Drive USB 3.0, Black - HDTB520XK3AA
$64.99 (as of February 11, 2024 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Toshiba Canvio Basics 1TB Portable External Hard Drive USB 3.0, Black - HDTB510XK3AA
$49.99 (as of February 11, 2024 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
MSI Gaming GeForce RTX 3060 12GB 15 Gbps GDRR6 192-Bit HDMI/DP PCIe 4 Torx Twin Fan Ampere OC Graphics Card
$280.00 (as of February 11, 2024 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Gotega External DVD Drive, USB 3.0 Portable +/-RW , DVD Player for CD ROM Burner Compatible with Laptop Desktop PC Windows Linux OS Apple Mac Black
$19.99 (as of February 11, 2024 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)