According to Group-IB, a recently discovered Chinese-speaking phishing group has expanded to the Middle East with a new scam aimed at harvesting personal and payment data from victims.
The Singapore-based threat intelligence firm first reported the ‘PostalFurious’ group in April 2023, after discovering smishing campaigns impersonating postal brands and toll operators in the Asia-Pacific region.
Group-IB has now determined that the wave of new phishing texts and iMessages hitting the United Arab Emirates comes from the same group.
Group-IB said it observed spoofed messages asking UAE residents to pay a fee for their vehicle to avoid additional fines. Each text carries a shortened URL that hides the real phishing domain; when clicked, it takes the user to a fake payment page branded as the impersonated operator.
A near-identical campaign impersonating a UAE postal operator began two weeks after the first. Both use the same servers, and the phishing messages are typically sent from Malaysian or Thai phone numbers, or over iMessage from email addresses rather than phone numbers.
The pages linked in the texts asked recipients to enter personal and financial information such as their name, address and credit card details.
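The indicators above (messages from Malaysian or Thai numbers or from iMessage email senders, a shortened URL, and a toll-fee or parcel-delivery pretext) are enough to build a simple triage rule. The following is an added example, not code from the article or from Group-IB; the shortener list and the lure vocabulary are assumptions, and the sample messages are constructed, not real campaign texts.

```python
"""Triage heuristic for smishing texts using the indicators described above."""
import re
from urllib.parse import urlparse

# Country calling codes for the sender origins the article names: Malaysia (+60), Thailand (+66).
FOREIGN_ORIGIN_PREFIXES = ("+60", "+66")

# Assumed list of public URL shorteners; the article only says "a shortened URL".
SHORTENER_DOMAINS = {"bit.ly", "tinyurl.com", "t.co", "cutt.ly", "is.gd"}

# Lure vocabulary drawn from the two pretexts described (vehicle fee, postal delivery).
LURE_KEYWORDS = ("trip fee", "toll", "fine", "vehicle", "parcel", "delivery", "postal", "customs")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample messages modelled on the lures; none of these are real IOCs.
SAMPLES = [
    {"sender": "+60123456789",
     "body": "Your vehicle has an unpaid trip fee of AED 20. Pay now to avoid a fine: https://bit.ly/3xAmpL"},
    {"sender": "+66812345678",
     "body": "Your parcel is held pending a delivery fee. Confirm your address: https://tinyurl.com/abc123"},
    {"sender": "+971501234567", "body": "Your OTP is 482913. Do not share it with anyone."},
    {"sender": "alice@example.com", "body": "Lunch tomorrow?"},
]


def extract_urls(body):
    return URL_RE.findall(body)


def is_shortened(url):
    """True if the URL's host is one of the assumed shortener domains."""
    host = (urlparse(url).hostname or "").lower()
    return host in SHORTENER_DOMAINS


def score_message(sender, body):
    """Return (score, reasons) where score counts the independent indicators present."""
    reasons = []
    if sender.startswith(FOREIGN_ORIGIN_PREFIXES):
        reasons.append("sender is a MY/TH number")
    elif EMAIL_RE.match(sender):
        reasons.append("sender is an email address (iMessage-style)")
    if any(is_shortened(u) for u in extract_urls(body)):
        reasons.append("shortened URL")
    low = body.lower()
    hits = [k for k in LURE_KEYWORDS if re.search(r"\b" + re.escape(k) + r"\b", low)]
    if hits:
        reasons.append("lure keywords: " + ", ".join(hits))
    return len(reasons), reasons


def triage(messages, threshold=2):
    """Flag messages that show at least `threshold` indicators; one alone is too noisy."""
    flagged = []
    for m in messages:
        score, reasons = score_message(m["sender"], m["body"])
        if score >= threshold:
            flagged.append({"sender": m["sender"], "score": score, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLES):
        print(hit["sender"], hit["score"], "; ".join(hit["reasons"]))
```

The threshold matters: an email sender on its own is just an iMessage from a friend, and a shortened link on its own is routine marketing, so the rule only fires when indicators combine, which is exactly the combination the article describes.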
Group-IB said it was not clear how many people were targeted in the campaign, but customers of several UAE telecommunications companies received malicious SMS messages.
The phishing website itself uses access control to evade automated detection and blocking: it can only be reached from UAE-based IP addresses. In practice this means URL scanners, sandboxes and takedown crawlers that connect from outside the UAE never see the credential-harvesting page, so analysts need in-country egress to confirm what a victim would see.
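Geofencing of this kind is easy to model and easy to detect once you have two vantage points. The following is an added example, not the kit's code (Group-IB does not describe the kit's mechanism) and not from the article; the allow-listed networks are constructed stand-ins for UAE ranges, and `kit_serve` is a hypothetical model of the server-side check.

```python
"""Model of IP-based geofencing on a phishing page, and an analyst-side cloaking check."""
import hashlib
import ipaddress

# Constructed allow-list standing in for the UAE address ranges the kit permits.
# Documentation ranges are used here; the real ranges are not given in the article.
ALLOWED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:ae::/48"),
]

PHISH_PAGE = "<html><form>Vehicle fee AED 20. Card number: <input name='cc'></form></html>"
DECOY_PAGE = "<html><h1>404 Not Found</h1></html>"


def kit_serve(client_ip):
    """Hypothetical kit-side check: in-range visitors get the payment form, everyone else a decoy."""
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in ALLOWED_NETWORKS):
        return 200, PHISH_PAGE
    return 404, DECOY_PAGE


def fingerprint(status, body):
    """Compact response identity: status plus a truncated hash of the body."""
    digest = hashlib.sha256(body.encode("utf-8")).hexdigest()[:16]
    return f"{status}:{digest}"


def detect_cloaking(fetch, vantage_ips):
    """Fetch the same URL from several vantage points and flag any divergence in the response.

    `fetch(ip)` returns (status, body) as seen from that source address; here the model
    server is called directly, but in practice this would be an in-country proxy or VPS
    versus the scanner's own egress.
    """
    results = {ip: fingerprint(*fetch(ip)) for ip in vantage_ips}
    cloaked = len(set(results.values())) > 1
    return cloaked, results


if __name__ == "__main__":
    cloaked, seen = detect_cloaking(kit_serve, ["203.0.113.7", "198.51.100.9"])
    print("cloaking detected:", cloaked)
    for ip, fp in seen.items():
        print(f"  {ip:>16} -> {fp}")
```

A single fetch from a scanner outside the allow-list returns the decoy, which is why reputation services that crawl from a fixed set of datacentre ranges can rate such a page clean; comparing fingerprints across vantage points turns the evasion itself into a detection signal.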
Group-IB tied the campaign to PostalFurious with some confidence, since it uses the same infrastructure and code observed in the group’s previous operations in APAC.
The kit’s administration panel is built on Laravel, and the phishing source code contains comments written in Simplified Chinese.
Group-IB Senior Cyber Investigation Specialist Anna Yurtaeva argued that phishing attackers are becoming more prolific and sophisticated.
“No longer can auto-blocks detect or stop them. People should always be vigilant and pay attention to scams in progress,” she added.
“The PostalFurious operation demonstrates the transnational nature of organized cybercrime and underscores the need for a coordinated and joint response involving the public, the private sector and governments.”