Yanbian Gang

RiskIQ characterizes the Yanbian Gang as a group that has targeted South Korean Android mobile banking customers since 2013 with malicious Android apps purporting to be from major banks, namely Shinhan Savings Bank, Saemaul Geumgo, Shinhan Finance, KB Kookmin Bank, and NH Savings Bank.

Associated Families
apk.funkybot apk.moqhao

Moqhao masters new tricks
2023-03-16 | Team Cymru | S2 Research Team
MoqHao Part 3: Recent Global Targeting Trends
2023-01-19 | Kaspersky Labs | GReAT
Roaming Mantis implements new DNS changer in its malicious mobile app in 2022
2022-08-11 | xanhacks' infosec blog | xanhacks
MoqHao Android malware analysis and phishing campaign
2022-07-18 | Sekoia | Threat & Detection Research Team
Ongoing Roaming Mantis smishing campaign targeting France
2022-04-07 | Team Cymru | Josh Hopkins
MoqHao Part 2: Continued European Expansion
2021-08-11 | Team Cymru | Josh Hopkins
MoqHao Part 1.5: High-Level Trends of Recent Campaigns Targeting Japan
2021-05-18 | Medium (Cryptax) | Axelle Apvrille
A native packer for Android/MoqHao
2021-05-05 | Kashif Ali Surfeit and Blasé Security | Kashif Ali
Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware
MoqHao Roaming Mantis
2021-04-07 | RiskIQ | Team RiskIQ
Yanbian Gang Malware Continues with Wide-Scale Distribution and C2
Yanbian Gang
2021-01-20 | Team Cymru | Andy Kraus
MoqHao Part 1: Identifying Phishing Infrastructure
2020-06-25 | Medium CSIS Techblog | Aleksejs Kuprins
The RoamingMantis Group’s Expansion to European Apple Accounts and Android Devices
FakeSpy FunkyBot MoqHao
2020-02-27 | Kaspersky Labs | Suguru Ishimaru
Roaming Mantis, part V: Distributed in 2019 using SMiShing and enhanced anti-researcher techniques
FunkyBot MoqHao Roaming Mantis
2020-01-17 | Hiroaki Ogawa, Manabu Niseki
100 more behind cockroaches?
MoqHao Emotet Predator The Thief
2019-09-04 | Fortinet | Dario Durando
FunkyBot: A New Android Malware Family Targeting Japan
2019-01-01 | Kaspersky Labs | Hiroaki Ogawa, Manabu Niseki, Suguru Ishimaru
Roaming Mantis: an Anatomy of a DNS Hijacking Campaign
MoqHao Roaming Mantis
2018-11-26 | Trend Micro | Ecular Xu, Lorin Wu
Examining XLoader, FakeSpy, and the Yanbian Gang
FakeSpy MoqHao Yanbian Gang
2018-11-26 | Trend Micro | Ecular Xu, Lorin Wu
A Look into the Connection Between XLoader and FakeSpy, and Their Possible Ties With the Yanbian Gang
FakeSpy MoqHao
2018-06-19 | Trend Micro | Ecular Xu
FakeSpy Targets Japanese and Korean-Speaking Users
FakeSpy Yanbian Gang
2018-04-20 | Trend Micro | Trend Micro
XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing
MoqHao Yanbian Gang
2015-02-12 | Trend Micro | Simon Huang
Mobile Malware Gang Steals Millions from South Korean Users
Yanbian Gang

Credits: MISP Project