Morocco Top African Target in Chinese Malware Attack on 11,000 Devices Worldwide
The large-scale campaign, orchestrated by Chinese-speaking threat actors, has infected more than 11,000 devices worldwide in under three months.
While Europe remains the primary focus, with Portugal, Spain, and France recording the highest infection rates, a report by Cleafy Threat Intelligence said Morocco is the continent's most significant hotspot.
'Accounting for 22% of total infections, the botnet's footprint in Africa is characterised by a geographically dispersed activity, with the clear exception of Morocco, which has emerged as the continent's primary hotspot,' reads the report.
The malware is spread through fraudulent Google Play Store pages and enables full real-time control of infected smartphones. Once installed, it can steal banking credentials, intercept SMS messages, capture screenshots, and even stream the victim's screen live to cybercriminals.
The RAT is part of a Malware-as-a-Service (MaaS) model, which allows multiple criminal affiliates to run independent campaigns while using shared infrastructure.
Moroccan victims are believed to be targeted primarily in French and Arabic.
The growing Arabic-language infections, which saw a sharp spike in late June, may signal an intensifying wave of attacks against users in Morocco and across North Africa. The malware's operators have been continuously updating its capabilities, which makes it harder to detect and block.
'A final, telling development is the sudden, sharp spike in Arabic-speaking victims in the last week, which may signal the opening of another major campaign front,' added the report.
The report concluded that the campaign is growing by more than 2,000 new infections each week, and is increasingly targeting Spanish and French speakers. Tags: Androidmalware attackMorocco
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Morocco World
3 days ago
- Morocco World
Amir DZ Kidnapping: France Issues Terrorism Arrest Warrant for Algerian Diplomat
Rabat – A French judge has issued an international arrest warrant against Salaheddine Selloum, a former first secretary at the Algerian embassy in Paris, for his alleged role in a terrorist conspiracy linked to the kidnapping of Amir Boukhors, known as Amir DZ, an Algerian YouTuber and political refugee in France. Amir DZ was abducted in April 2024 in Val-de-Marne, near Paris. French authorities accuse Selloum of participating in the unlawful arrest, detention, and kidnapping of the influencer. The French national anti-terrorism prosecutor requested the arrest warrant due to 'serious suspicions' of Selloum's involvement in these crimes, Le Monde reported . The judge issued the international warrant on July 25, aiming to prevent impunity for Algerian agents suspected of serious offenses. Selloum served as first secretary at the Algerian embassy in Paris between 2021 and 2024. Algerian activist and journalist Oualid Kebir described the arrest warrant as a 'serious and unprecedented judicial and political development.' 'The case is one of the most sensitive issues in the relations between Paris and Algeria,' Kebir added. This development adds to the already tense relations between France and Algeria. Earlier this week, French President Emmanuel Macron sent a letter to Algerian Prime Minister François Bayrou urging the government to act with 'greater firmness and determination' against Algeria and its authorities. 'The Algerian authorities have made the deliberate choice not to respond to our repeated calls over recent months to work together in the interest of our two nations,' reads the letter. Emmanuel cited Algeria's failure to honor agreements, particularly regarding the return of deported nationals, as well as the case of imprisoned French-Algerian writer Boualem Sansal. Following this, France suspended a visa exemption deal for Algerian diplomats and tightened visa rules, which Algeria responded to by reinstating visa requirements for French officials. Tags: AlgeriaAmir DZFranceterrorism
Morocco World
3 days ago
- Morocco World
Morocco Top African Target in Chinese Malware Attack on 11,000 Devices Worldwide
Rabat – Cybersecurity researchers have identified Morocco as the main African target in a rapidly expanding global cybercrime operation using a sophisticated Android Remote Access Trojan (RAT) known as PlayPraetor. The large-scale campaign, orchestrated by Chinese-speaking threat actors, has infected more than 11,000 devices worldwide in under three months. While Europe remains the primary focus, with Portugal, Spain, and France recording the highest infection rates, a report by Cleafy Threat Intelligence said Morocco is the continent's most significant hotspot. 'Accounting for 22% of total infections, the botnet's footprint in Africa is characterised by a geographically dispersed activity, with the clear exception of Morocco, which has emerged as the continent's primary hotspot,' reads the report. The malware is spread through fraudulent Google Play Store pages and enables full real-time control of infected smartphones. Once installed, it can steal banking credentials, intercept SMS messages, capture screenshots, and even stream the victim's screen live to cybercriminals. The RAT is part of a Malware-as-a-Service (MaaS) model, which allows multiple criminal affiliates to run independent campaigns while using shared infrastructure. Moroccan victims are believed to be targeted primarily in French and Arabic. The growing Arabic-language infections, which saw a sharp spike in late June, may signal an intensifying wave of attacks against users in Morocco and across North Africa. The malware's operators have been continuously updating its capabilities, which makes it harder to detect and block. 'A final, telling development is the sudden, sharp spike in Arabic-speaking victims in the last week, which may signal the opening of another major campaign front,' added the report. The report concluded that the campaign is growing by more than 2,000 new infections each week, and is increasingly targeting Spanish and French speakers. Tags: Androidmalware attackMorocco
Morocco World
6 days ago
- Morocco World
Cigarette at Unknown Soldier: France Set to Revoke Residency of Moroccan Man
French Interior Minister Bruno Retailleau has announced that his country will revoke the residency permit of a Moroccan national who sparked outrage after desecrating the Tomb of the Unknown Soldier in Paris. A viral video of the incident, in which the man is seen lighting a cigarette beneath the Arc de Triomphe, has sparked an outcry online. Police arrested the man, who is now in custody. Europe 1 reported that the man is already known to police. 'According to Article 225-17 of the Penal Code, the man whose residence permit is set to be revoked faces a fine of several thousand euros,' said the repor. Le Figaro identified the suspect as a Moroccan man who has been residing legally in France. Many French officials reacted to the video, including Retailleau, who described the situation as a 'disgraceful and contemptible act.' 'He will be brought before the justice system. This is a disgraceful and contemptible act and is an affront to the memory of those who died for France,' he wrote on X. Patricia Miralles, Minister Delegate for Remembrance and Veterans Affairs, also condemned the situation as an 'unacceptable display of indecency.' She said the act is an insult to 'our dead, our history, and our nation.' She described the situation as also an 'affront to the memory of those who fell for France,' confirming having filed a formal complaint with the Paris public prosecutor. Tags: Bruno Retailleaumoroccan nationalparisUnknown Soldier Paris
