Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign
Users clicking on a link sent through the messaging app are directed to an actor-controlled site, which, in turn, sends them to a landing domain impersonating a well-known brand, from where the victims are once again taken to sites distributing fraudulent apps and bogus rewards.
Attacks wherein scammy mobile ads are clicked from an Android device have been observed to culminate in the deployment of a mobile trojan called Triada, which was recently spotted propagating via fake WhatsApp apps.
It's not just Triada, as another destination of the campaign is the Google Play Store listing of an app called "App Booster Lite - RAM Booster", which has over 10 million downloads.
The app, made by a Czechia-based developer known as LocoMind, is described as a "Powerful Phone Booster," "Smart Junk Cleaner," and an "Effective Battery Saver."
Reviews for the app have called out the publisher for showing too many ads, and even point out that they "Arrived here from one of those 'your android is damaged x%' ads."
"Our app can't spread viruses," LocoMind responded to the review on October 31, 2022.
News URL
https://thehackernews.com/2022/11/chinese-hackers-using-42000-imposter.html
Related news
- Chinese hackers targeted sanctions office in Treasury attack (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)
- Chinese hackers breached T-Mobile's routers to scope out network (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers (source)
- U.S. org suffered four month intrusion by Chinese hackers (source)