Partager:

JAKARTA - The spoofing campaign has re-emerged, researchers found a website that mimics the big brand of distributing malware or displaying malicious advertising to visitors.

Spoofing is an online scam that the perpetrators disguise themselves as someone or certain parties. Researchers from Cyjax, a threat intelligence specialist, includes the focus of cyberspace finding online criminal group Fangxiao.

The group operates more than 42,000 web domains disguised as companies such as Coca-Cola, McDonald's, Unilever, Emirates, and others.

Researchers say more than 400 companies have experienced identity theft in this campaign. The group, which appears to operate outside China (because one of the open control panels is allegedly in Mandarin), makes about 300 of these domains every day.

They then advertise it either via WhatsApp messages or mobile ads. The victim who clicked on this link was sent to a page that used all kinds of tactics to keep them involved and didn't realize it was all a major scam.

Launching TechRadar, Thursday, November 17, added the researchers, this page also hosts advertisements from YlliX, ad networks labeled suspiciously by Google, and Facebook.

The ultimate goal, of course, is to get victims to download apps, make micro SMS payments out of ignorance, open fake dating sites, or get commissions for attackers via Amazon affiliate links.

In some cases, the victim was also given an incentive to download an application from the Play Store called the App Booster Lite-RAM Booster.

While this isn't entirely dangerous, it asks for access permits and shows a large number of ads that are difficult to close. According to research reports, the app was made by the same developer that was previously seen as being involved in adware.

In addition to the fact that threat actors are based in China, there is very little information that could lead to its identification. Fangxiao is also observed selling its services for other entities that want to increase web traffic.


The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)