A New Fraud Site, Fangxiao, Is Doing Brand Impersonating With Over 42,000 Sites

A fraudulent group named Fangxiao has created over 42,000 malicious websites and domains which impersonate many well-known brands. But in reality, this impersonation is used for directing users to many dating apps, adware apps, and giveaways. This is a scheme to generate traffic to the websites and produce revenues for Fangxiao. Cyjax made a detailed report about it which states that these website facilitators are based near China. The report also tells us that this company has been working since 2017 and they have been impersonating many brands which include the ones from retail, bank, pharmaceuticals, financial, and many others. They also include MacDonalds, Knorr, Emirates, Unilever, etc.

It was seen that many Fangxiao websites redirect visitors to sites that contain malware, especially Triada trojan.

Fangxiao registers about 300 brand-impersonating domains daily. These domains are used to bring more traffic to the sites. According to the statistics, about 24,000 domains have been registered since March 2022. Fangxiao mostly uses .top, TLD and then there's always something like .cn, .cyou, .xyz, and .tech present. This is the way to detect a malicious website. Another way to check about these websites is that they are introduced by Cloudfare and are mostly made on GoDaddy, Namecheap, and Wix.

Most of the users who stumble across these websites are because of the advertisements on their mobile and through WhatsApp groups by a link. Most of the time, the WhatsApp link tells the user that he has won something from a well-known brand. The user clicks on the links and that's how the malware is incorporated into the user's system. Then the users are asked to do a survey. Usually, these surveys are with a timer so the users do not get distracted and see that it's a fraud. Sometimes after the survey, users are asked to download an app that they have to launch on their mobiles.

The sign that you are using an unauthentic website is that you will be redirected to another website. And sometimes the website is marked as "suspicious" too. Another location where Fangxiao is seen is on the Play Store page of App Boaster Lite- RAM Booster. The interesting fact is that this app has over 10 million downloads. Cyjax has published an extensive study about Fangxiao that you should read about.


Read next: Email or Blackmail? Your Suspicious Emails are Just Popping ‘MALWARE’
Previous Post Next Post