Security researchers have identified a sophisticated phishing campaign originating in China that is deploying tens of thousands of malicious domains. The campaign is centered on spreading malware and generating advertising revenue, security researchers at Cyjax say. The group has been dubbed Fangxiao, and its campaign directs users to the malicious domains via WhatsApp messages. The messages indicate that the recipient has won a prize and needs to click on the link to claim it. The phishing landing pages impersonate well-known brands such as Coca-Cola, McDonald’s, Emirates, Unilever, and Knorr.
Fangxiao also generates money from the advertising sites that it directs its victims to. The sites contain fake surveys where the site claims that the user can win a prize. Security researchers state that, in some cases, this triggers malware deployment. Cyjax states that the operators behind the campaign have used other lures in the past, such as Covid-19 themes. The 42,000 domains detected by cybersecurity researchers were registered back in 2019 and have likely been adapted to fit the goals of different phishing campaigns. Additionally, the domain names are changed regularly and quickly to avoid detection.
Read More: China-Based Campaign Uses 42,000 Phishing Domains