In a widespread phishing campaign, a Chinese hacking group known as "Fangxiao" is using thousands of imposter domains to target victims.
Thousands are at risk from the Fangxiao phishing campaign.
Thousands of people are at risk as a result of a massive phishing campaign run by the Chinese hacking group "Fangxiao."
To facilitate phishing attacks, this campaign used 42,000 imposter domains. These bogus domains are intended to direct users to adware (advertising malware) apps, giveaways, and dating websites.
The 42,000 phony domains used in this campaign were discovered by Cyjax, a cybersecurity and threat solutions company. The scam was described as sophisticated in a Cyjax blog post by Emily Dennison and Alana Witten, with the ability to "exploit the reputation of international, trusted brands in multiple verticals including retail, banking, travel, pharmaceuticals, travel, and energy".
The scam commences with a nefarious WhatsApp message impersonating a well-known brand. Emirates, Coca-Cola, McDonald's, and Unilever are examples of such brands. This message contains a link to a webpage that has been enticingly designed. The redirection site is determined by the target's IP address as well as their user agent.
For example, McDonald's may advertise a free giveaway. When the victim completes their registration for the giveaway, the Triada Trojan malware can be downloaded. Malware can also be installed through the download of a specific app, which victims are instructed to install in order to continue participating in the giveaway.
Fangxiao's infrastructure is mostly protected by CloudFlare, an American Content Delivery Network, according to Cyjax's blog post about this campaign (CDN). It was also discovered that the imposter domains were registered on GoDaddy, Namecheap, and Wix, with their names shifting on a regular basis.
The majority of these phishing domains were registered with.top, with the rest mostly with.cn,.cyou,.xyz,.tech, and.work.
The Fangxiao Group Is Not a New Concept
The Fangxiao hacking collective has been active for some time. The domains used in this campaign were discovered by Cyjax in 2019 and have been increasing in number since then. Fangxiao added over 300 unique domains in just one day in October 2022.
.The group's location in China is not 100% confirmed, but Cyjax has determined it with high confidence. The use of Mandarin in one of the group's exposed control panels is one indication of this. Cyjax also speculated that the campaign's goal is most likely monetary gain.
Phishing is one of the most common cybercrime tactics today, and it can take many different forms. Phishing attacks, especially those that are highly sophisticated, can be difficult to detect. Although spam filters and antivirus software can help to reduce phishing attacks, it's still important to trust your instincts and avoid any communications that don't seem quite right.
