"42,000 Sites Used to Trap Users in Brand Impersonation Scheme"

'Fangxiao' is a malicious for-profit organization that has established a network of more than 42,000 web domains that impersonate well-known brands in order to redirect users to sites promoting adware apps, dating sites, or 'free' giveaways. The imposter domains appear to be part of a large traffic generation scheme that earns ad revenue for Fangxiao's own sites and delivers more visitors to 'customers' who buy traffic from the group. According to a report by Cyjax, the threat actors are based in China. Since 2017, they have spoofed over 400 well-known brands in retail, banking, travel, pharmaceuticals, transportation, finance, and energy. Coca-Cola, McDonald's, Knorr, Unilever, Shopee, Emirates, and other brands are mentioned in the report, with many fake sites offering extensive localization options. Victims of Fangxiao are often redirected to sites that infect them with the Triada Trojan or other malware. However, no link has yet been established between the operators of these sites and Fangxiao. Fangxiao registers approximately 300 new brand impersonation domains per day in order to generate traffic for its customers and its own sites. Since the beginning of March 2022, the malicious operators have used at least 24,000 landing and survey domains to promote their fake prizes to victims. Users reach these sites via mobile advertisements or after receiving a WhatsApp message containing the link, which usually makes a special offer or informs the recipient that they have won something. This article continues to discuss findings surrounding the Fangxiao campaign.

Bleeping Computer reports "42,000 Sites Used to Trap Users in Brand Impersonation Scheme"
