
Just a sample of the Echomail archive


 Message 1602 
 Mike Powell to All 
 Chinese smish attack leak 
 10 Aug 25 09:02:58 
 
TZUTC: -0500
MSGID: 1336.consprcy@1:2320/105 2cfde1ca
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Massive leak of over 115 million US payment cards caused by Chinese 
"smishing" hackers - find out if you're affected

Date:
Sun, 10 Aug 2025 05:04:00 +0000

Description:
A massive phishing campaign driven by mobile attacks and Telegram-based kits
may have exposed over 115 million US cards without breaching banks directly.

FULL STORY

A wave of advanced phishing campaigns, traced to Chinese-speaking
cybercriminal syndicates, may have compromised up to 115 million US payment
cards in just over a year, experts have warned. 

Researchers at SecAlliance revealed these operations represent a growing
convergence of social engineering, real-time authentication bypasses, and
phishing infrastructure designed to scale. 

Investigators have identified a figure referred to as Lao Wang as the 
original creator of a now widely adopted platform that facilitates
mobile-based credential harvesting.

Identity theft scaled through mobile compromise

At the center of the campaigns are phishing kits distributed through a
Telegram channel known as dy-tongbu, which has rapidly gained traction among
attackers. 

These kits are designed to avoid detection by researchers and platforms 
alike, using geofencing, IP blocks, and mobile-device targeting. 

This level of technical control allows phishing pages to reach intended
targets while actively excluding traffic that might flag the operation. 

The phishing attacks typically begin with SMS, iMessage, or RCS messages 
using everyday scenarios, such as toll payment alerts or package delivery
updates, to drive victims toward fake verification pages. 

There, users are prompted to enter sensitive personal information, followed 
by payment card data. 

The sites are often mobile-optimized to align with the devices that will
receive one-time password (OTP) codes, allowing for immediate multi-factor
authentication bypass. 

These credentials are provisioned into digital wallets on devices controlled
by attackers, allowing them to bypass additional verification steps normally
required for card-not-present transactions. 

Researchers described this shift to digital wallet abuse as a fundamental
change in card fraud methodology. 

It enables unauthorized use at physical terminals, online shops, and even 
ATMs without requiring the physical card. 

Researchers have observed criminal networks now moving beyond smishing
campaigns. 

There is growing evidence of fake ecommerce sites and even fake brokerage
platforms being used to collect credentials from unsuspecting users engaged 
in real transactions. 

The operation has grown to include monetization layers, including pre-loaded
devices, fake merchant accounts, and paid ad placements on platforms like
Google and Meta. 

As card issuers and banks look for ways to defend against these evolving
threats, standard security suites, firewall protection, and SMS filters may
offer limited help given the precision targeting involved. 

Given the covert nature of these smishing campaigns, there is no single 
public database listing affected cards. However, individuals can take the
following steps to assess possible exposure:

Review recent transactions
Look for unexpected digital wallet activity
Monitor for verification or OTP requests you didn't initiate
Check if your data appears in breach notification services
Enable transaction alerts

Unfortunately, millions of users may remain unaware their data has been
exploited for large-scale identity theft and financial fraud, facilitated not
through traditional breaches. 

Via Infosecurity

======================================================================
Link to news story:
https://www.techradar.com/pro/security/massive-leak-of-over-115-million-us-payment-cards-caused-by-chinese-smishing-hackers-find-out-if-youre-affected

--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)



(c) 1994,  bbs@darkrealms.ca