Summary: Researchers have identified an ongoing SMS phishing campaign targeting toll road users in the U.S., aimed at financial theft. The campaign, attributed to multiple threat actors using a specialized phishing kit from China, spreads fraudulent messages mimicking electronic toll systems. Victims are misled into providing personal information through fake payment portals after clicking embedded links in the messages.
Affected: Toll road users in the United States, particularly users of electronic toll collection systems (e.g., E-ZPass)
Key points:
- Multiple threat actors are involved in the campaign, utilizing a phishing kit created by Wang Duo Yu.
- Victims receive messages about unpaid tolls, directing them to fraudulent sites where they input sensitive information.
- The phishing kits have been backdoored to exfiltrate victim data, complicating detection and prevention efforts.
- Cybercriminals have targeted over 60,000 domain names to carry out the smishing scheme.
- The group behind the attack is also linked to larger-scale smishing operations and has unique tactics of “double theft” to maximize data capture.
Source: https://thehackernews.com/2025/04/chinese-smishing-kit-behind-widespread.html