A financially motivated gang in China is exploiting the trust associated with well-known multinational businesses to run a large-scale, sophisticated phishing campaign that dates back to 2019.

The threat actor, which Cyjax has named Fangxiao, is said to have registered over 42,000 impostor domains, with early activity identified in 2017.

The campaign targets organizations in various industries, including retail, finance, tourism, and energy. Promised financial or physical rewards are used to entice victims to propagate the campaign further through WhatsApp.

Users who click on a link received via the messaging app are sent to an actor-controlled site, which directs them to a landing domain mimicking a well-known brand. From there, the victims are directed to sites that distribute fake applications and false prizes.

Visitors are prompted to complete a survey to win cash rewards and, in return, are urged to forward the message to five groups or 20 friends. The ultimate redirect, however, is determined by the victim’s IP address and the browser’s User-Agent string.

According to the researchers, more than 400 firms, including Emirates, Shopee, Unilever, Indomie, Coca-Cola, McDonald’s, and Knorr, are being impersonated as part of the illegal operation.

The program is advertised as a “Powerful Phone Booster,” a “Smart Junk Cleaner,” and an “Effective Battery Saver” by LocoMind, a Czechia-based developer.
