Cybersecurity researchers at SEKOIA found that the Roaming Mantis malware campaign is now targeting iOS and Android users in France after attacking users in the U.S., Germany, the U.K., Japan, South Korea and Taiwan, according to BleepingComputer.
Android users are lured into downloading the XLoader malware on their devices via a text message telling them about a package sent to them that must be reviewed and arranged for delivery, while iOS users are taken to a phishing page which steals Apple credentials.
Meanwhile, the malware attack stops if users are outside France since they will encounter a 404 error after following a URL.
According to SEKOIA, the main C2 server has already received XLoader requests from more than 90,000 unique IP addresses so far, and the number could be the same or higher for iOS users who have been redirected to the phishing page.
"Domains used inside SMS messages are either registered with GoDaddy or use dynamic DNS services such as duckdns.org," the report stated.