A new smishing campaign is targeting US citizens, according to a report by The Hacker News on September 4, 2023. The campaign is orchestrated by a Chinese group called Smishing Triad, which uses compromised Apple iCloud accounts to send deceptive iMessages to collect personal information and payment details.
This campaign is unique in that it uses iMessages instead of traditional SMS or calls. The attackers have registered almost 30 different domain names and offer “smishing kits” to other cybercriminals.
In addition to smishing, Smishing Triad provides customized phishing kits to other cybercriminals. The group registers domains mostly using the “.top” top-level domain and protects them with Cloudflare.
Smishing Triad has previously targeted postal and delivery services in various countries. Cybersecurity company Zimperium’s research team is constantly monitoring newly registered domains to detect those that could be used for phishing attacks.
Zimperium’s machine learning engine is proactively stopping the links used in this campaign and rendering the attack ineffective. This is done without requiring any engine or heuristics database file update and is effective even for devices using Zimperium’s “on-device” only phishing solution.