Extensive credential theft conducted by new CoGUI phishing kit

More than 580 million emails spoofing Amazon, Apple, PayPal, and other leading organizations, as well as banks and tax agencies, have been delivered by the novel CoGUI phishing kit during the first four months of 2025, with most of the attacks aimed at Japan, reports BleepingComputer.

According to an analysis from Proofpoint, CoGUI intrusions begin with phishing emails that urge recipients to act immediately and include a URL that redirects to a phishing site only if pre-defined criteria are met, including IP addresses, operating systems, browser language, device type, and screen resolution. CoGUI has also supported U.S.-targeted smishing campaigns involving unpaid toll payment lures, before those campaigns were transferred to the unrelated Darcula phishing kit, with which it shares a number of similar features. While CoGUI is believed to have been enabling malicious activity for mostly Chinese threat actors, researchers added that such a phishing kit could also be tapped by other cybercrime operations to compromise other countries.
