Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign

by admin
November 17, 2022
in Information Security


A China-based financially motivated group is leveraging the trust associated with popular international brands to orchestrate a large-scale phishing campaign dating back as far as 2019.

The threat actor, dubbed Fangxiao by Cyjax, is said to have registered over 42,000 imposter domains, with initial activity observed in 2017.

“It targets businesses in multiple verticals including retail, banking, travel, and energy,” researchers Emily Dennison and Alana Witten said. “Promised financial or physical incentives are used to trick victims into further spreading the campaign via WhatsApp.”

Users clicking on a link sent through the messaging app are directed to an actor-controlled site, which, in turn, sends them to a landing domain impersonating a well-known brand, from where the victims are once again taken to sites distributing fraudulent apps and bogus rewards.

These sites prompt the visitors to complete a survey to claim cash prizes, in exchange for which they are asked to forward the message to five groups or 20 friends. The final redirect, however, hinges on the IP address of the victim and the browser’s User-Agent string.
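The article notes that the final redirect depends on the victim's IP address and User-Agent, which is the classic cloaking pattern: a single lure URL resolves to different destinations for different client profiles. The following is an added example (not code from Cyjax or from this article) of how a defender can surface that behaviour from crawl results: fetch each lure under several profiles, record where the chain ends, and flag lures whose final host changes with the profile. The crawl records and all domains here are constructed placeholders under `.example`, and the `ua`/`geo` labels are assumed categories, not values from the report.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed crawl records: the same lure URL fetched under different client
# profiles, with the host the redirect chain finally landed on. Not real data.
CRAWL_RECORDS = [
    {"lure": "https://lure.example/r/1", "ua": "android", "geo": "ID",
     "final": "https://app-store.example/details?id=com.placeholder.booster"},
    {"lure": "https://lure.example/r/1", "ua": "ios", "geo": "ID",
     "final": "https://shop.example/dp/PLACEHOLDER?tag=affiliate-placeholder"},
    {"lure": "https://lure.example/r/1", "ua": "desktop", "geo": "US",
     "final": "https://brand-survey.example/claim"},
    {"lure": "https://lure.example/r/2", "ua": "android", "geo": "US",
     "final": "https://brand-survey.example/claim"},
    {"lure": "https://lure.example/r/2", "ua": "ios", "geo": "US",
     "final": "https://brand-survey.example/claim"},
]


def final_host(url: str) -> str:
    """Normalise a destination URL to its lowercase host (query/path dropped)."""
    return urlsplit(url).hostname.lower()


def destinations_by_lure(records):
    """Map each lure URL to {(ua, geo): final_host} across all profiles crawled."""
    table = defaultdict(dict)
    for rec in records:
        table[rec["lure"]][(rec["ua"], rec["geo"])] = final_host(rec["final"])
    return dict(table)


def cloaked_lures(records):
    """Lure URLs whose final host differs between client profiles.

    A lure that lands every profile on the same host is not proof of a benign
    page, but a lure that splits by UA or geo is a strong cloaking indicator
    and worth a closer look (and a block on the whole chain, not one endpoint).
    """
    flagged = []
    for lure, by_profile in destinations_by_lure(records).items():
        if len(set(by_profile.values())) > 1:
            flagged.append(lure)
    return sorted(flagged)


def profile_split(records, lure):
    """Sorted distinct final hosts seen for one lure, for analyst review."""
    return sorted(set(destinations_by_lure(records).get(lure, {}).values()))


if __name__ == "__main__":
    for lure in cloaked_lures(CRAWL_RECORDS):
        print(lure, "->", profile_split(CRAWL_RECORDS, lure))
```

In practice the crawler would fetch each lure several times with distinct User-Agent strings and from distinct egress networks; the comparison logic above is unchanged whether the records come from a sandbox, a URL scanner export or a proxy log.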

More than 400 organizations, including Emirates, Shopee, Unilever, Indomie, Coca-Cola, McDonald’s, and Knorr, are being imitated as part of the criminal scheme, the researchers said.

Alternatively, attacks wherein scammy mobile ads are clicked from an Android device have been observed to culminate in the deployment of a mobile trojan called Triada, which was recently spotted propagating via fake WhatsApp apps.

It’s not just Triada, as another destination of the campaign is the Google Play Store listing of an app called “App Booster Lite – RAM Booster” (com.app.booster.lite.phonecleaner.batterysaver.cleanmaster), which has over 10 million downloads.

The app, made by a Czechia-based developer known as LocoMind, is described as a “Powerful Phone Booster,” “Smart Junk Cleaner,” and an “Effective Battery Saver.”

Reviews for the app have called out the publisher for showing too many ads, and even point out that they “Arrived here [the Play Store page] from one of those ‘your android is damaged x%’ ads.”

“Our app can’t spread viruses,” LocoMind responded to the review on October 31, 2022. “Each of our updates is checked by Google Play – they would have removed our app long ago for this reason.”

Should the same action be performed from a device running iOS, the victim is redirected to Amazon via an affiliate link, netting the actor a commission for every purchase on the e-commerce platform made during the next 24 hours.

The threat actor’s China connections stem from the presence of Mandarin text in a web service associated with aaPanel, a Python-based open source control panel for hosting multiple websites.

Further analysis of the TLS certificates issued to the survey domains in 2021 and 2022 reveals that the bulk of the registrations fall between 9:00 a.m. and 11:00 p.m. in the UTC+08:00 time zone, which corresponds to China Standard Time.
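The time-zone inference above rests on a simple idea: if certificate issuance times are driven by a human operator, they cluster in that operator's waking hours, so the UTC offset under which most issuances fall into a 9:00 to 23:00 window is a hint about where the operator sits. The script below is an added example of that analysis, not Cyjax's tooling; it goes a step beyond the article by scoring every candidate offset rather than only UTC+08:00. The `notBefore` timestamps are constructed for illustration, not taken from the report. Two caveats a practitioner should keep in mind: automated issuance (ACME renewals, hosting-panel cron jobs) reflects machine schedules rather than a person's day, and a small sample will often produce a near-tie between neighbouring offsets.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample of certificate notBefore timestamps in UTC, standing in for
# what a certificate-transparency query would return. Not real campaign data.
SAMPLE_NOT_BEFORE = [
    "2022-03-01T01:12:00Z",  # 09:12 in UTC+8
    "2022-03-01T03:40:00Z",  # 11:40
    "2022-03-02T06:05:00Z",  # 14:05
    "2022-03-02T08:30:00Z",  # 16:30
    "2022-03-03T12:15:00Z",  # 20:15
    "2022-03-03T14:50:00Z",  # 22:50
    "2022-03-04T19:00:00Z",  # 03:00 next day, outside the 09:00-23:00 window
    "2022-03-05T05:45:00Z",  # 13:45
]


def parse_utc(ts: str) -> datetime:
    """Parse an RFC 3339 timestamp; a trailing 'Z' is normalised to +00:00."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)


def hour_histogram(timestamps, utc_offset_hours: int) -> Counter:
    """Count issuance events per local hour (0-23) under the given UTC offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return Counter(parse_utc(ts).astimezone(tz).hour for ts in timestamps)


def working_hours_ratio(timestamps, utc_offset_hours: int,
                        start: int = 9, end: int = 23) -> float:
    """Fraction of events whose local hour lies in [start, end) for that offset."""
    hist = hour_histogram(timestamps, utc_offset_hours)
    total = sum(hist.values())
    if total == 0:
        return 0.0
    in_window = sum(n for hour, n in hist.items() if start <= hour < end)
    return in_window / total


def offset_scores(timestamps, candidates=range(-12, 15)):
    """Working-hours ratio for every candidate UTC offset, for side-by-side review."""
    return {off: working_hours_ratio(timestamps, off) for off in candidates}


def best_fit_offset(timestamps, candidates=range(-12, 15)) -> int:
    """UTC offset under which the most events land in the 09:00-23:00 window.

    Ties resolve to the first candidate, so inspect offset_scores() and treat
    a narrow margin between neighbouring offsets as inconclusive.
    """
    return max(candidates, key=lambda off: working_hours_ratio(timestamps, off))


if __name__ == "__main__":
    best = best_fit_offset(SAMPLE_NOT_BEFORE)
    print(f"best-fit offset: UTC{best:+d} "
          f"({working_hours_ratio(SAMPLE_NOT_BEFORE, best):.0%} in window)")
    for off, score in sorted(offset_scores(SAMPLE_NOT_BEFORE).items()):
        print(f"UTC{off:+03d}: {score:.3f}")
```

On the constructed sample, UTC+08:00 places 7 of 8 issuances inside the window, against 3 of 8 for UTC itself; with real data you would want hundreds of certificates and a look at the day-of-week distribution as well before treating the offset as an attribution signal.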

“The operators are experienced in running these kinds of imposter campaigns, willing to be dynamic to achieve their objectives, and technically and logistically capable of scaling to expand their business,” the researchers said.

“The Fangxiao campaigns are effective lead generation methods which have been redirected to various domains, from malware, to referral links, to ads and adware.”
