Security News > 2022 > November > Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign
Users clicking on a link sent through the messaging app are directed to an actor-controlled site, which, in turn, sends them to a landing domain impersonating a well-known brand, from where the victims are once again taken to sites distributing fraudulent apps and bogus rewards.
Attacks wherein scammy mobile ads are clicked from an Android device have been observed to culminate in the deployment of a mobile trojan called Triada, which was recently spotted propagating via fake WhatsApp apps.
It's not just Triada, as another destination of the campaign is the Google Play Store listing of an app called "App Booster Lite - RAM Booster", which has over 10 million downloads.
The app, made by a Czechia-based developer known as LocoMind, is described as a "Powerful Phone Booster," "Smart Junk Cleaner," and an "Effective Battery Saver."
Reviews for the app have called out the publisher for showing too many ads, and even point out that they "Arrived here from one of those 'your android is damaged x%' ads."
"Our app can't spread viruses," LocoMind responded to the review on October 31, 2022.
News URL
https://thehackernews.com/2022/11/chinese-hackers-using-42000-imposter.html
Related news
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- US says Chinese hackers breached multiple telecom providers (source)