© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Chinese threat group spoofs Coca-Cola and McDonald’s in sophisticated phishing campaign


A new large-scale phishing campaign with over 42,000 unique domains impersonates popular brands to spread malware, threat intelligence company Cyjax discovered.

The threat actor, dubbed as “Fangxiao,” is likely to be based in China and is financially rather than politically affiliated.

It targets companies across various industries, including retail, banking, travel, pharmaceuticals, and others, and tricks victims via common sentiments – for example, fears surrounding the COVID-19 pandemic in 2020.

Fangxiao operates by sending a link via a WhatsApp message, which redirects users to a fake page of a well-known brand. The group regularly changes its domains, with 300 unique domains reportedly used on one day in October 2022 alone.

Lured by the promises of a reward, victims land on a survey page, where clicking on the “Complete registration” button will sometimes result in a download of the Triada malware.

The group impersonates a variety of brands and companies, such as Emirates, Singapore’s Shopee, Unilever, Indonesia’s Indomie, Coca-Cola, McDonald’s, and Knorr, with 400 established brands imitated.

The number of domains used by Fangxiao continues to grow, with most of its infrastructure protected behind CloudFlare.

“What should be clear from this study is that Fangxiao’s criminal actions, like those of all other cyber threat groups, are enabled by the internet infrastructure which we all rely on,” researchers conclude, pointing out that dealing with this problem remains a serious issue, as we all use the same platforms.

Chinese threat actors are commonly engaged in a variety of campaigns, including espionage and intelligence collection. In 2021, Chinese spies used code first developed by the US National Security Agency to support their hacking operations.


More from Cybernews:

Ukraine's true detective: we took the fight to Russia with digital weapons

Google wins legal battle against Russian-operated Glupteba botnet

Wickr Me messaging app is shutting down

Criminals charge $350 for hacking WhatsApp and Viber accounts

Russian censors suffer another massive hack

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked