According to the latest research by Security Company Selief Company, one of the most outstanding smish actors is often referred to as the “Chinese Researcher” in a way that the security researcher group threatens participants and branches in Chinese, according to the latest research silently promoted by security companies that impersonate organizations and brands in at least 121 countries in the study.
The team has used about 200,000 domains, the study said, using about 187 top-level domains (such as .top, .world, and .vip). According to Silent Push, over 1 million pages of access to the scam website used by Smishing Triad have been made in the last 20 days.
In addition to collecting name, email, address, and card details, these sites prompt people to enter a one-time password or authentication code that allows criminals to add their bank cards to Apple Pay or Google Wallet, allowing them to use cards on the other side of the world.
“They effectively turned modern digital wallets like Apple Pay or Google Wallet into the best card-style device we invented,” Merrill said.
In the telegram group linked to the cybercrime group, some members shared photos and videos of bank cards that were added to digital wallets on iPhone and Android. For example, in one video, alleged scammers showcase dozens of virtual cards they have been added to the phone they are using.
Merrill Lyn said criminals may not use the cards they added to their digital wallet to pay directly, but it may not take a long time.
He explained: “When we first start seeing this, they’ll wait between 60 and 90 days and then actually steal money from the card. “Now, if they’re waiting for seven days or even a few days.”
“Security is at the heart of Google Wallet Experience, and we work closely with card issuers to prevent fraud,” said Olivia O’Brien, Google Communications manager. “For example, banks notify customers when adding cards to new wallets, and we provide signals to help issuers detect fraud so they can decide whether to approve the card.”
Apple did not respond to a request for comment from cable.
The mega scam ecosystem is partially powered by commercial underground scams. Security Firm Recurity’s findings have been following Smishing Triad for more than two years, saying the group has been using “batch” SMS and messaging service services as it expands the number of messages it sends.
Meanwhile, as several security researchers have pointed out, the Smishing Triad Group also uses its own software, called Lighthouse, to collect, manage and store people’s personal information and card details. Videos of the Lighthouse software that were originally shared on the telegram and republished by silently pushing, show how the system collects card details.
Senter Push said the latest version of the software was updated in March this year, “targeting dozens of financial brands,” including PayPal, MasterCard, Visa and Stripe and Stripe. Furthermore, the Australian banking brand appears to be fake, suggesting that the target may be expanded further, the study said.
