Chinese Phishing Gang
A recently discovered Chinese phishing gang has expanded its campaigns to the Middle East with new scams designed to harvest personal and payment data from victims, according to Group-IB.
The Singapore-based threat intelligence firm reported the discovery of the “PostalFurious” group in April 2023, after it spotted a smishing campaign impersonating postal brands and toll operators in APAC.
It has now attributed a new flood of phishing texts and iMessages in the UAE to the same group.
UAE residents received spoofed messages asking them to pay a vehicle toll to avoid additional fines, Group-IB explained. The text messages contained shortened URLs to obscure the true phishing domain and once a user clicked, they were directed to a fake branded payment page.
An almost identical campaign, which began two weeks after the first, impersonated a UAE postal operator. Both use the same servers, with phishing messages often sent from numbers in Malaysia and Thailand, as well as from email addresses via iMessage.
URLs in the texts asked individuals to enter personal and financial details including name, address and credit card information.
It is not clear how many people were targeted in this campaign, but customers of several UAE telcos have received the malicious SMS messages, Group-IB said.
The phishing websites themselves apparently use access-control techniques to avoid automated detection and blocking, and can only be accessed from UAE-based IP addresses.
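As an added illustration of the indicators described above, here is a small SOC-style triage heuristic (my own example, not Group-IB's tooling) run over constructed sample texts modelled on the campaign; the shortener list, keyword lists and country prefixes are assumptions chosen for the example.

```python
import re
from typing import Dict, List, Optional

# Assumed indicator lists for this example; tune them to your own telemetry.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "cutt.ly", "rb.gy"}
LURE_WORDS = {"toll", "fine", "parcel", "postal", "post", "delivery", "customs"}
ACTION_WORDS = {"pay", "update", "confirm", "avoid", "enter"}
COUNTRY_PREFIX = {"+971": "UAE", "+60": "Malaysia", "+66": "Thailand"}  # E.164 prefixes
URL_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)
WORD_RE = re.compile(r"[a-z]+")

# Constructed sample messages (not real captures); brands are placeholders.
SAMPLE_MESSAGES = [
    {"sender": "+60123456789", "channel": "sms",
     "body": "Toll Authority: your vehicle toll is unpaid. Pay now to avoid a fine: https://bit.ly/3xmplxx"},
    {"sender": "deliveries@example.com", "channel": "imessage",
     "body": "Postal Service: your parcel is held at customs. Update your delivery address: https://tinyurl.com/xmpl"},
    {"sender": "+971501234567", "channel": "sms",
     "body": "Your dentist appointment is confirmed for Tuesday at 10:00."},
]


def sender_country(sender: str) -> Optional[str]:
    """Map an E.164 sender number to a country name, or None for email/unknown senders."""
    for prefix, country in COUNTRY_PREFIX.items():
        if sender.startswith(prefix):
            return country
    return None


def triage(msg: Dict[str, str]) -> List[str]:
    """Return the smishing indicators present in one message, in a fixed order."""
    hits: List[str] = []
    words = set(WORD_RE.findall(msg["body"].lower()))
    hosts = [h.lower() for h in URL_RE.findall(msg["body"])]
    if any(h in SHORTENERS for h in hosts):
        hits.append("shortened_url")        # true phishing domain hidden behind a shortener
    if words & LURE_WORDS and words & ACTION_WORDS:
        hits.append("toll_or_postal_lure")  # toll/postal pretext plus a pay/update prompt
    if msg["channel"] == "imessage" and "@" in msg["sender"]:
        hits.append("imessage_from_email")  # sent from an email-registered ID, not a phone number
    country = sender_country(msg["sender"])
    if country is not None and country != "UAE":
        hits.append(f"sender_in_{country}")  # foreign origin number targeting UAE residents
    return hits


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(m["sender"], triage(m))
```

Because the phishing sites answer only to UAE-based IP addresses, a verdict from a URL sandbox hosted elsewhere proves nothing; treat the message-level indicators above as the primary signal and block on them.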
Group-IB tied the campaigns to PostalFurious with some confidence, given they use the same infrastructure and code observed in previous activity from the group in APAC.
Laravel is used as the administration panel, while the source code of the phishing pages contains comments written in simplified Chinese, it said.
Group-IB senior cyber investigation specialist Anna Yurtaeva argued that phishing actors are becoming more prolific and sophisticated.
“They can no longer be detected and stopped by automated blocking. People should stay vigilant and aware of ongoing scams,” she added.
“PostalFurious operations demonstrate the transnational nature of organized cybercrime and emphasize the need for a coordinated joint response that involves the general public, private sector, and government.”