Xiū Gǒu: Chinese Phishing Kit Hits Phones via RCS

Researchers from Netcraft have uncovered a new phishing kit called Xiū Gǒu that has been used in targeted campaigns against Australia, Japan, Spain, Great Britain, and the USA since September 2024. Over 2000 phishing sites built with this kit have been identified, with attacks targeting a wide range of sectors including government agencies, postal services, digital services, and banking.

Developed by a Chinese-speaking author, Xiū Gǒu lowers the barrier to running phishing attacks, even for low-skilled attackers, which is likely to drive an increase in attacks aimed at stealing confidential information. The kit includes an admin panel written in Golang and Vue.js and supports data exfiltration via Telegram.

Criminals using Xiū Gǒu often abuse Cloudflare's anti-bot protection and hosting obfuscation to hide their infrastructure, making the malicious sites hard to identify.

These attacks are distributed through Rich Communication Services (RCS) messages posing as notifications about parking fines and failed deliveries. The messages contain shortened links prompting users to pay a fine or update their delivery address. RCS is available in Apple Messages on iOS 18 and in Google Messages on Android, and supports file exchange, typing indicators, and encryption.

Google has recently announced enhancements to its phishing defenses, incorporating machine learning models to identify fraudulent messages. Users in India, Thailand, Malaysia, and Singapore will receive warnings about potentially harmful links. Additionally, a feature that automatically hides messages from international senders who are not in the user's contacts is being tested in Singapore.
