"China-Based Fangxiao Group Behind a Long-Running Phishing Campaign"

According to Cyjax researchers, a financially motivated group based in China called Fangxiao has been orchestrating a large-scale phishing campaign since 2017. The sophisticated phishing campaign takes advantage of international brand reputations and targets businesses in various industries, including retail, banking, travel, and energy. More than 400 companies were impersonated, including Emirates, Singapore's Shopee, Unilever, Indomie, Coca-Cola, McDonald's, and Knorr. To trick victims into visiting a series of sites owned by advertising agencies, the attackers use financial or physical incentives offered via WhatsApp. In addition, Fangxiao registered over 42,000 fake domains that were used to distribute malicious apps and fake rewards. The landing pages prompt visitors to complete a survey in order to win prizes and instruct them to tap a box. The site may require up to three taps for a "win," a high-value gift card. To be eligible for the prize, victims must share the phishing campaign with 5 groups and 20 friends via WhatsApp. In some cases, the Fangxiao landing pages displayed malicious ads that delivered the Triada malware when clicked from an Android device. iOS users are redirected to Amazon via an affiliate link, which generates revenue for every purchase made on the platform. The presence of Mandarin text in a web service associated with "aaPanel," as well as China Standard Time for domain registration, led to the campaign being attributed to a China-linked threat actor. This article continues to discuss the China-based financially motivated group Fangxiao.

Security Affairs reports "China-Based Fangxiao Group Behind a Long-Running Phishing Campaign"
