Hackread reports that more than 2,000 phishing websites have utilized the new phishing kit dubbed "Xiū gǒu," which means "doggo" in Mandarin, to facilitate scams concerning government payments, postal services, and motorists against users in the U.S., Australia, Japan, Spain, and the UK since September.
Attacks involved the use of Rich Communication Services messages indicating false payments that included links redirecting to websites spoofing government agencies, postal services, and banking entities, including the U.S. Postal Service, Linkt, and Lloyds, according to a Netcraft report. Inputted personal and payment information is then exfiltrated by threat actors leveraging the phishing kit, which conceals malicious activity through the anti-bot and hosting obfuscation features of Cloudflare. "The author has also chosen to measure and analyze the use of their kit, most likely so that they can optimize and improve their competitiveness over time. We also get a sense of how — as with the doggo mascot — authors inject personality and humour into their kits, leaving their own distinctive mark," said researchers.