Cybersecurity researchers have warned of a “widespread and ongoing” SMS phishing campaign that has been targeting toll road users in the US for financial theft since mid-October 2024.
“The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by ‘Wang Duo Yu,’” the researchers assessed with moderate confidence.
The phishing campaign, according to the company, impersonates US electronic toll collection systems such as E-ZPass, sending SMS messages and Apple iMessages to individuals in Washington, Florida, Pennsylvania, Virginia, Texas, Ohio, Illinois and Kansas about an unpaid toll.
It is worth noting that some aspects of the toll phishing campaign were previously highlighted by security journalist Brian Krebs in January 2025, with the activity traced to a Chinese SMS phishing service called Lighthouse, which is advertised on Telegram.
While Apple iMessage automatically disables links in messages received from unknown senders, the smishing texts urge recipients to reply with “Y” to activate the link, a tactic observed in phishing kits like Darcula and Xiū gǒu.
If the victim clicks on the link and visits the domain, they are prompted to solve a fake image-based CAPTCHA challenge, after which they are redirected to a fake E-ZPass page (e.g., “ezp-va[.]lcom” or “e-zpass[.]com-tetcjr[.]xin”) where they are asked to enter their name and access the bill.
The targets are then asked to proceed to make the payment on another fraudulent page, at which point all the entered personal and financial information is transmitted to the threat actors.
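The two lure hostnames quoted above share a recognizable shape: a toll-brand token in a label of a domain the toll operator does not own, in one case followed by a label that begins with `com-` to imitate a `.com` address. The following is an added detection sketch, not code from the researchers or the original article; the allowlist entry `tollagency.example`, the reason strings and the function names are assumptions made for illustration.

```python
import re

# Brand tokens derived from the two lure hostnames quoted in the article.
BRAND_TOKENS = ("ezpass", "ezp")
# Assumption: placeholder allowlist; substitute the toll agency's real domains.
OFFICIAL_DOMAINS = {"tollagency.example"}
# A non-final label that starts like a TLD ("com-xxxx") imitates "brand.com".
TLD_LOOKALIKE = re.compile(r"^(com|org|net|gov)-")


def refang(indicator: str) -> str:
    """Convert a defanged indicator or URL into a bare lowercase hostname."""
    host = re.sub(r"^h(xx|tt)ps?://", "", indicator.strip().lower())
    host = host.replace("[.]", ".").replace("(.)", ".")
    return host.split("/")[0].rstrip(".")


def registrable(host: str) -> str:
    """Simplification: last two labels. Use the Public Suffix List in production."""
    return ".".join(host.split(".")[-2:])


def score_host(indicator: str):
    """Return (hostname, reasons); an empty reasons list means nothing matched."""
    host = refang(indicator)
    if registrable(host) in OFFICIAL_DOMAINS:
        return host, []
    labels = host.split(".")
    reasons = []
    # Hyphens are dropped so "e-zpass" and "ezp-va" both expose the brand token.
    if any(tok in lab.replace("-", "") for lab in labels for tok in BRAND_TOKENS):
        reasons.append("brand-outside-official-domain")
    if any(TLD_LOOKALIKE.match(lab) for lab in labels[:-1]):
        reasons.append("tld-lookalike-label")
    return host, reasons


if __name__ == "__main__":
    # First two samples are the hostnames quoted above; the rest are constructed.
    for sample in ("ezp-va[.]lcom", "e-zpass[.]com-tetcjr[.]xin",
                   "pay.tollagency.example", "news.example.org"):
        print(score_host(sample))
```

Matching on short brand tokens produces false positives on unrelated hostnames, so the reasons are best used to prioritize review of URLs seen in SMS gateways or proxy logs rather than as an automatic block.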
Talos noted that multiple threat actors are operating the toll road smishing campaigns, likely using a phishing kit developed by Wang Duo Yu, and that it has observed similar kits used by another Chinese organized cybercrime group known as the Smishing Triad.
Interestingly, Wang Duo Yu is also alleged to be the creator of the phishing kits used by the Smishing Triad, according to Grant Smith. “The creator is a current computer science student in China who uses the skills he learns to make a penny on the side,” Smith revealed in an extensive analysis in August 2024.
The Smishing Triad is known for conducting large-scale smishing attacks targeting postal services in at least 121 countries, using failed delivery lures to persuade message recipients to click on bogus links that request their personal and financial information under the guise of a supposed service fee.
In addition, threat actors using these kits have tried to enroll victims' card details into a mobile wallet, allowing them to further cash out funds at scale using a technique known as Ghost Tap.
The phishing kits have also been found to be backdoored, so that the captured credit/debit card information is also exposed to the kits' creators, a technique known as double theft.
“Wang Duo Yu has created and developed specific smishing kits and has been selling access to these kits on their Telegram channels,” Talos said. “The kits are available with different infrastructure options for $50 for a full-feature development, $30 per proxy (if the customer has a personal domain and server), $20 for updates and $20 for all other support.”
As of March 2025, the e-crime group has focused its efforts on a new Lighthouse kit aimed at harvesting credentials from banks and financial organizations in Australia and the Asia-Pacific region, Silent Push reports.
The threat actors also claim to have “300+ front desk staff” to support various aspects of the fraud and cash-out schemes.
“Smishing Triad is also selling its phishing kits to other maliciously aligned threat actors via Telegram and likely other channels,” the company noted. “These sales make it difficult to attribute the kits to any one subgroup, so the sites are currently all attributed here under the Smishing Triad umbrella.”
In a report published last month, Prodaft disclosed that Lighthouse shares tactical overlaps with phishing kits such as Lucid and Darcula, and that it operates independently of the XinXin group, the cybercrime group behind the Lucid kit. The Swiss cybersecurity company tracks Wang Duo Yu (aka Lao Wang) as LARVA-241.
“Analysis of attacks conducted using the Lucid and Darcula panels showed that Lighthouse (Lao Wang / Wang Duo Yu) shares significant similarities with the XinXin group in terms of targeting, landing pages and domain creation,” Prodaft said.
The cybersecurity company that was the first to document the Smishing Triad in 2023, and that has also been tracking the toll scam campaigns, said the smishing syndicate has used more than 60,000 domain names, making it difficult for Apple and Google to effectively block the activity.
“Using underground bulk SMS services allows cybercriminals to scale their operations, targeting millions of users simultaneously,” Resecurity noted. “These services allow attackers to efficiently send thousands or millions of fraudulent IM messages, targeting users individually or groups of users based on specific demographics in different regions.”