Major Chinese phishing operation Smishing Triad has leveraged multiple malicious domains spoofing leading Egyptian service providers, including Careem, Fawry, and the Egypt Post, as part of expanded intrusions, Infosecurity Magazine reports.

Additional domains discovered within Smishing Triad's AS132203 infrastructure block associated with Tencent, where the Egyptian domains were found, include those spoofing TikTok and UnionPay, according to an analysis from Dark Atlas. Smishing Triad has also been leveraging Telegram to promote its phishing-as-a-service kits, which include templates that spoof DHL, UPS, and Evri delivery notices, AT&T, Vodafone, and Movistar billing alerts, and USPS, GOV.UK, and Egypt Post messages.

Mounting Smishing Triad activity comes as the Darcula PhaaS platform was noted by Netcraft to have been updated with AI-driven automation and a card-cloning tool.

"Our investigation underscores the importance of proactive threat hunting, continuous monitoring of phishing infrastructure, and user awareness to mitigate the risks posed by these campaigns," said Dark Atlas researchers.




