A new smishing kit named "Panda Shop" has emerged, linked to Chinese cybercriminals and believed to be a rebranded evolution of the Smishing Triad. This kit enables large-scale phishing campaigns targeting global consumers and financial institutions.

Chinese cybercriminals are especially active in NFC-enabled fraud and are known for their well-established money laundering chains across multiple continents. They arrange for an NFC-enabled POS terminal and a merchant account linked to it.

The Smishing Triad group has been linked to a surge in smishing campaigns targeting the U.S. and the U.K. The fraudulent text messages claim unpaid toll bills or payment requests related to toll services like FasTrak, E-ZPass, and I-Pass.

The campaign, conducted by a group called "Smishing Triad," impersonates various postal services and government agencies to deceive victims into providing personal and financial information.

Early occurrences of EvilProxy have been initially identified in connection to attacks against Google and MSFT customers who have MFA enabled on their accounts – either with SMS or Application Token.

MLNK Builder has emerged on the dark web with its new version (4.2), and the updated feature-set focuses on AV evasion and masquerading with icons from legitimately popular applications and file formats.

The average time allocated for payment varies between 5-7 days, to give the victim some time to purchase BTC or XMR cryptocurrency. In case of difficulties, the victim may engage an “intermediary” for further recovery process.