Security News > 2022 > November > 42,000 sites used to trap users in brand impersonation scheme
A malicious for-profit group named 'Fangxiao' has created a massive network of over 42,000 web domains that impersonate well-known brands to redirect users to sites promoting adware apps, dating sites, or 'free' giveaways.
The imposter domains are used as part of what appears to be a massive traffic generation scheme that creates ad revenue for Fangxiao's own sites or more visitors for 'customers' who purchase traffic from the group.
Often, Fangxiao victims are redirected to sites that infect them with the Triada trojan or other malware.
To generate massive traffic for its customers and its own sites, Fangxiao registers approximately 300 new brand impersonation domains daily.
Users arrive on these sites through mobile advertisements or after receiving a WhatsApp message containing the link, typically making a special offer or informing the recipient they won something.
It is currently unknown if this massive baiting operation using many fake sites to draw victims is related to the final destinations or if Fangxiao is merely collaborating with those sites to make a profit.