Security News > 2023 > September > Chinese-Speaking Cybercriminals Launch Large-Scale iMessage Smishing Campaign in U.S.
A new large-scale smishing campaign is targeting the U.S. by sending iMessages from compromised Apple iCloud accounts with an aim to conduct identity theft and financial fraud.
"The Chinese-speaking threat actors behind this campaign are operating a package-tracking text scam sent via iMessage to collect personally identifying information and payment credentials from victims, in the furtherance of identity theft and credit card fraud," Resecurity said in an analysis published last week.
The cybercrime group, dubbed Smishing Triad, is also said to be in the business of "Fraud-as-a-service," offering other actors ready-to-use smishing kits via Telegram that cost $200 a month.
Resecurity's analysis of the smishing kit revealed an SQL injection vulnerability that it said allowed them to retrieve over 108,044 records of victims' data.
The Telegram group associated with Smishing Triad includes graphic designers, web developers, and sales people, who oversee the development of high-quality phishing kits as well as their marketing on dark web cybercrime forums.
Package tracking text scams notwithstanding, Smishing Triad is also known to indulge in Magecart-like attacks that infect online shopping platforms with malicious code injections to intercept customer data.
News URL
https://thehackernews.com/2023/09/chinese-speaking-cybercriminals-launch.html