SMS as a means of deception: why Chinese hackers "Smishing Triad" pretend to be civil servants from the UAE

Brother

Researchers have recorded a clear trend in the distribution of turnkey malware.

Cybersecurity researchers documented a new series of attacks coming from Chinese-speaking cybercriminals known as the "Smishing Triad." In them, hackers disguise themselves as government departments of the United Arab Emirates, sending malicious SMS messages in order to collect confidential information from both local residents and visiting foreigners.

According to experts, the cybercriminals use link-shortening services such as Bit.ly to hide the real domain and the location of the fake site. This approach helps the hackers avoid exposing their malicious activity.

The first mention of "Smishing Triad" appeared quite recently, in September of this year. The group actively uses hacked iCloud accounts to send fraudulent messages, through which it successfully steals users' personal data and conducts financial fraud.

Cybercriminals also offer ready-made SMS fraud kits at a price of $200 per month to other attackers, as well as engage in Magecart-style attacks on e-commerce platforms, injecting malicious code on vulnerable sites to steal customer data.

Resecurity researchers note that the FaaS model used by attackers allows "Smishing Triad" to scale its operations, giving other cybercriminals the opportunity to use the group's tools to conduct independent attacks.

A new wave of malicious activity is targeting individuals who have recently renewed their visas to live in the UAE by spreading malicious SMS messages, a technique often referred to as SMS phishing or "smishing". The campaign affects Android and iOS devices, probably using SMS spoofing techniques or spam services.

Recipients who click on the link embedded in the message are taken to a fake page that mimics the website of the UAE Federal Citizenship Authority, where they are asked to enter their personal data.

A distinctive feature of this campaign is the use of a geolocation mechanism that activates the phishing form only when accessed from IP addresses and mobile devices located in the UAE.
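The geofencing described above is why a URL scanner outside the UAE often sees a harmless page while the intended victim sees a credential form. The following check, an added example that is not from the article or from Resecurity, compares fetches of the same link across client profiles and reports cloaking when a data-entry form appears for some profiles only; the HTML bodies and the list of sensitive field names are constructed for the demo.

```python
import re

# Constructed sample: the same shortened link fetched from three client profiles.
# In a real pipeline these bodies come from a detonation service with exit nodes
# in different countries; here they are hard-coded so the check runs offline.
SAMPLE_FETCHES = {
    ("US", "desktop"): "<html><body><h1>Page not found</h1></body></html>",
    ("US", "mobile"):  "<html><body><h1>Page not found</h1></body></html>",
    ("AE", "mobile"):  ("<html><body><h1>Visa renewal</h1>"
                        "<form action='/submit' method='post'>"
                        "<input name='full_name'><input name='emirates_id'>"
                        "<input name='card_number'><input type='submit'></form>"
                        "</body></html>"),
}

# Field names a fake government portal might ask for (hypothetical list; extend per case).
SENSITIVE_FIELDS = re.compile(
    r"name=['\"]?(passport|emirates_id|card_number|cvv|password|otp)", re.I
)


def has_credential_form(html: str) -> bool:
    """True if the body contains a POST form requesting at least one sensitive field."""
    has_post_form = re.search(r"<form[^>]*method=['\"]?post", html, re.I) is not None
    return has_post_form and SENSITIVE_FIELDS.search(html) is not None


def detect_cloaking(fetches):
    """Compare fetches of one URL across (country, device) profiles.

    Returns (is_cloaked, profiles_showing_form). Cloaking is reported when the
    credential form appears for some profiles but not others, which is the
    pattern a geofenced phishing page produces: benign for the scanner,
    malicious for the intended victim.
    """
    showing = sorted(p for p, body in fetches.items() if has_credential_form(body))
    hidden = [p for p in fetches if p not in showing]
    return (bool(showing) and bool(hidden)), showing


if __name__ == "__main__":
    cloaked, profiles = detect_cloaking(SAMPLE_FETCHES)
    print("cloaking detected:", cloaked, "form shown to:", profiles)
```

A verdict that differs by vantage point is itself the indicator: treat the link as malicious even if the scanner's own fetch looked clean.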

According to Resecurity experts, attackers could have obtained basic information about residents and foreigners in the UAE through data leaks, compromising business emails, databases purchased on the darknet, and other sources.

It is noteworthy that the malicious campaign "Smishing Triad" largely coincides with the activities of the shadow resource OLVX Marketplace, which we talked about a week ago. According to ZeroFOX researchers, the platform sells thousands of products, including phishing kits, web shells, and compromised credentials.

In turn, a recent report by Trellix reveals how cybercriminals abuse the open Predator tool, which was designed to combat fraud and detect requests from automated systems, to run various phishing campaigns.

Thus, IT security researchers note that cybercriminals are always looking for new ways to circumvent security systems, and that open tools such as Predator, or ready-made subscription offerings such as those of Smishing Triad or OLVX Marketplace, significantly simplify this task, allowing hackers to achieve their malicious goals much more easily.