MoqHao Evolution Poses Immense Threat to Android Users


Cybersecurity researchers have recently discovered a new variant of the malware known as XLoader, more commonly called MoqHao, that can infect devices automatically without any user interaction. Dubbed the MoqHao evolution, it is a new version of the infamous Android malware long linked to Roaming Mantis, a financially motivated hacking group based in China.

In this article, we will explore the background of MoqHao Evolution in detail and see how it operates differently from its earlier variants.


MoqHao Evolution – A Timeline


MoqHao is a mobile Android threat used for phishing that first appeared in 2015. The threat actors behind the malware launched attacks based on phishing over SMS, also referred to as “smishing,” in Asia. Its main targets were Japan, South Korea, and Bangladesh.

However, it later moved to European countries as well, such as France and Germany. This expansion drew the attention of many cybersecurity researchers, who deemed it a serious threat because this notorious Android malware had already defrauded thousands of users by deceiving them.

Recent reports state that this Android malware now operates in 27 regional languages, a considerable increase from the 4 it supported at the start, which highlights how widely its targets are spread.


What Has Changed In MoqHao?


The biggest difference between the previous variants of this Android malware and the latest one is that the new version no longer needs user interaction to infect the device. Earlier variants required the user to launch the malware manually. In the new variant, as soon as the user clicks the installation link received through the phone’s SMS app, the malicious code executes automatically.


How Does the Evolved MoqHao Operate?


Understanding how the malware operates is essential for developing cybersecurity strategies. It masks itself as a legitimate app, such as the Chrome web browser, by employing Unicode strings. However, careful users can still identify it, as the name of the software appears slightly…
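Impersonating a legitimate app name with Unicode characters is something an app-inventory or MDM check can catch by normalizing display labels before comparing them to trusted names. The following is an added example, not code from this article or from any MoqHao analysis; the confusables table, package ids and sample labels are constructed, and the fullwidth and Cyrillic characters are illustrative rather than the ones the malware uses.

```python
import unicodedata

# Constructed, deliberately small table of Cyrillic letters that render like
# Latin ones; a real tool would use the Unicode TR39 confusables data.
CONFUSABLES = {
    "\u0410": "A", "\u0421": "C", "\u0415": "E", "\u041d": "H", "\u041e": "O",
    "\u0420": "P", "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0445": "x", "\u0443": "y",
}

# Trusted display name -> package id that legitimately carries it (assumed).
TRUSTED_APPS = {"Chrome": "com.android.chrome"}


def normalize_label(label: str) -> str:
    """Reduce an app display name to a plain-Latin skeleton for comparison."""
    # NFKC folds compatibility forms such as fullwidth letters onto ASCII.
    text = unicodedata.normalize("NFKC", label)
    # Drop format characters (category Cf): zero-width spaces/joiners and the like.
    text = "".join(ch for ch in text if unicodedata.category(ch) != "Cf")
    # Map known look-alike letters onto their Latin counterparts.
    return "".join(CONFUSABLES.get(ch, ch) for ch in text).strip()


def audit_labels(installed):
    """Flag (label, package) pairs whose label reads as a trusted app's name
    while the package id is not the trusted one."""
    findings = []
    for label, package in installed:
        skeleton = normalize_label(label)
        for trusted_label, trusted_pkg in TRUSTED_APPS.items():
            if skeleton.casefold() != trusted_label.casefold() or package == trusted_pkg:
                continue
            findings.append({
                "label": label,
                "package": package,
                "looks_like": trusted_label,
                # True when non-ASCII or invisible characters produced the match.
                "unicode_trick": not label.isascii(),
            })
    return findings


# Constructed inventory: the genuine Chrome plus two look-alike labels.
SAMPLE_INVENTORY = [
    ("Chrome", "com.android.chrome"),
    ("\uff23\uff48\uff52\uff4f\uff4d\uff45", "com.example.fake1"),  # fullwidth "Chrome"
    ("\u0421hr\u200bome", "com.example.fake2"),  # Cyrillic Es + zero-width space
]
```

Run `audit_labels(SAMPLE_INVENTORY)` over an inventory exported from a device-management tool; the genuine package produces no finding, while both look-alike labels are reported with `unicode_trick` set.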
