Almost 100 brands spoofed by Chinese phishing kit

Financial fraud incidence has ramped up with the proliferation of the Chinese-developed YYlaiyu phishing-as-a-service kit, which has been impersonating 97 different brands, reports The Register. Aside from spoofing shipping firms DHL and FedEx, video streaming app TikTok, cryptocurrency platform Coinbase, and airlines Qantas and All Nippon Airways, YYlaiyu which is believed to have been active since September 2024 has also masqueraded as investment organizations Schwab and Fidelity, Hong Kong trading platform Futu NiuNiu, and Singaporean trading app Tiger Brokers, according to research from SpyCloud and URL threat scanning service urlscan. Intrusions with YYlaiyu involved phishing pages that trigger real-time interaction with attackers, who will then be able to obtain OTP codes for digital wallets. Attackers have also leveraged pilfered credentials to facilitate ramp and dump activities. Organizations have been urged by SpyCloud security researcher Aurora Johnson to be wary of the phishing kit's targeting of their customers in attacks that exploit their brand recognition.