Massive adware campaign spoofs top brands to trick users
Threat actors are impersonating Coca-Cola, McDonald’s, and more
Cybersecurity researchers have recently discovered a huge website spoofing campaign that impersonates major brands to distribute malware or serve malicious ads to visitors.
Researchers from Cyjax found a group called “Fangxiao”. This group operates more than 42,000 web domains impersonating companies such as Coca-Cola, McDonald’s, Unilever, Emirates, and others.
More than 400 companies have experienced a form of identity theft in this campaign, researchers said.
How it works
The group, which apparently operates out of China (one of the exposed control panels was allegedly in Mandarin), creates roughly 300 of these domains every day. They then advertise them either through WhatsApp messages or mobile ads.
Victims who click on these links are sent to landing pages that employ all kinds of tactics to keep them engaged and too busy to consider the fact that it’s all one big scam. These landing pages also host ads from ylliX, an ad network labeled “suspicious” by both Google and Facebook, the publication claims.
The endgame is to have the victims download an app (a Triada trojan), unknowingly make SMS micropayments, open fake dating sites, or earn the attackers a commission via Amazon affiliate links.
In some cases, the victims are also incentivized to download an app from the Play Store called “App Booster Lite - RAM Booster”. While this one isn’t outright malicious, it does request shady permissions and serves a huge number of hard-to-close ads. According to the report, this app was built by the same developer that was previously seen engaged in adware.
Other than the fact that the threat actors are based in China, there is very little information that could lead to their identification. Fangxiao was also observed selling its services to other entities looking to boost web traffic.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.