Criminal Group Impersonated Well-Known Brands to Plant Banking Trojans
Hong Kong police disrupted a global phishing syndicate that operated hundreds of servers worldwide, along with a slew of fake mobile applications aimed at stealing personal and banking information.
The law enforcement operation, dubbed Magicflame and supported by Interpol, lasted 11 months, reported the South China Morning Post.
Attackers sent victims phishing SMS messages that appeared to originate from a legitimate source, directing them to download an app. The app in fact was a banking Trojan that stole personal information such as bank account and credit card details, phone contacts and photographs. Servers located in Hong Kong received stolen data before forwarding it on to other infrastructure controlled by the phishing gang.
“We believe it was an overseas-based syndicate that made use of the city’s internet network to carry out illegal activities. We believe the syndicate ceased its illegal operations after the joint operation with Interpol,” Hong Kong police Senior Superintendent Raymond Lam Cheuk-ho told the newspaper.
Police officials told the newspaper that hackers behind the campaign masqueraded as well-known brands. The campaign's operators resided in China, the Philippines and Cambodia and frequently switched servers to avoid detection. Seized servers showed personal data stolen from 519 phones whose owners reside mostly in Japan and South Korea.
Cybercriminals routinely spoof well-known financial institutions to target users with banking Trojans and steal their financial information. The Hong Kong Monetary Authority on Tuesday warned about criminals running a fake website that masqueraded as DBS Bank Hong Kong’s website. The authority issued a similar warning on Jan. 16 about criminals using the HSBC brand name in fraudulent websites and phishing emails.