Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign

Users clicking on a link sent through the messaging app are directed to an actor-controlled site, which, in turn, sends them to a landing domain impersonating a well-known brand, from where the victims are once again taken to sites distributing fraudulent apps and bogus rewards.
Attacks wherein scammy mobile ads are clicked from an Android device have been observed to culminate in the deployment of a mobile trojan called Triada, which was recently spotted propagating via fake WhatsApp apps.
It's not just Triada, as another destination of the campaign is the Google Play Store listing of an app called "App Booster Lite - RAM Booster", which has over 10 million downloads.
The app, made by a Czechia-based developer known as LocoMind, is described as a "Powerful Phone Booster," "Smart Junk Cleaner," and an "Effective Battery Saver."
Reviews for the app have called out the publisher for showing too many ads, and even point out that they "Arrived here from one of those 'your android is damaged x%' ads."
"Our app can't spread viruses," LocoMind responded to the review on October 31, 2022.
News URL
https://thehackernews.com/2022/11/chinese-hackers-using-42000-imposter.html