New Android Malware Variant MoqHao Emerges
Security researchers have identified a new variant of Android malware dubbed MoqHao, which operates without requiring user interaction.
Unlike previous versions, this iteration executes automatically once it is installed on a device. The campaign primarily targets Android users in France, Germany, India, Japan, and South Korea. MoqHao, also known as Wroba and XLoader, is linked to Roaming Mantis, a financially motivated Chinese group.
The malware is distributed via smishing, with the malicious links hidden behind URL shorteners. SMS messages containing these links are crafted from fraudulent Pinterest profiles, increasing the likelihood of successful attacks.
MoqHao’s evolution includes the automatic execution of its malicious payload upon installation, prompting victims to grant risky permissions even though they have not launched the app. This behavior resembles that of HiddenAds malware, indicating a shift in tactics.
Previous campaigns have compromised thousands of devices, with updated versions infiltrating Wi-Fi routers for DNS hijacking. The persistence and innovation of MoqHao underscore the ongoing threat posed by Android-based mobile malware.