Roaming Mantis’ Android malware campaign has invaded Europe, quickly invading France in particular, with 66,789 downloads of the group’s specific remote access Trojan (RAT) since January. The campaign pushes theAndroid RAT known as Wroba on the victim devices. According to a study from Kaspersky, it has been updated with the ability to extract images and galleries from the victim’s device, which may open the door for sensitive information from things like driver’s licenses, misuse of QR codes stored in payment services, or even blackmail.
The Roaming Mantis has been around since 2018, most commonly seen in Japan, South Korea and Taiwan. Now, its arrival in France has led to the country seeing the highest number of attacks worldwide, according to Kaspersky researchers.