According to an analysis from Proofpoint, CoGUI intrusions begin with phishing emails that urge the recipient to act immediately and contain a URL. The link redirects to a phishing site only when pre-defined criteria are met, including the visitor's IP address, operating system, browser language, device type, and screen resolution; visitors who do not match are not shown the lure. CoGUI has also supported U.S.-targeted smishing campaigns using unpaid-toll lures, which were later moved to the unrelated Darcula phishing kit, with which it shares a number of similar features. While CoGUI is believed to have been enabling malicious activity mostly for Chinese threat actors, the researchers added that such a phishing kit could equally be adopted by other cybercrime operations to target other countries.
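Because the kit serves the lure only to clients that match its criteria, a single fetch from an analyst workstation can come back clean. As an added example (not code from Proofpoint's analysis or from the kit itself), the Python below checks a reported URL under several client profiles and flags selective, fingerprint-gated redirection; the profile list, the `fetch` callback signature and the `simulated_kit` stand-in are assumptions constructed for this example.

```python
"""Detect fingerprint-gated redirection by probing a URL under several client profiles."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlsplit


@dataclass(frozen=True)
class ClientProfile:
    name: str
    user_agent: str
    accept_language: str
    mobile: bool


# Constructed probe set: vary the attributes the kit is reported to key on
# (operating system, browser language, device type). Extend as needed.
PROFILES: List[ClientProfile] = [
    ClientProfile("win-chrome-en", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/124.0", "en-US,en;q=0.9", False),
    ClientProfile("mac-safari-en", "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4) Safari/605.1.15", "en-US", False),
    ClientProfile("iphone-safari-ja", "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) Safari/604.1", "ja-JP,ja;q=0.9", True),
    ClientProfile("android-chrome-ja", "Mozilla/5.0 (Linux; Android 14; Pixel 8) Chrome/124.0 Mobile", "ja-JP", True),
]

# Assumed callback: given (url, profile) return (http_status, final_url_after_redirects).
# In practice this wraps requests/urllib with the profile's User-Agent and Accept-Language headers.
Fetcher = Callable[[str, ClientProfile], Tuple[int, str]]


def probe(url: str, fetch: Fetcher, profiles: List[ClientProfile] = PROFILES) -> Dict[str, Tuple[int, str]]:
    """Fetch the same URL once per profile and collect where each client ended up."""
    return {p.name: fetch(url, p) for p in profiles}


def classify(url: str, results: Dict[str, Tuple[int, str]]) -> Tuple[bool, List[str]]:
    """Return (is_gated, profiles_sent_off_host).

    Gated means some, but not all, profiles were redirected to a different host:
    the hallmark of a criteria-based redirect. All-or-none is consistent behaviour.
    """
    host = urlsplit(url).netloc.lower()
    redirected = sorted(n for n, (_, final) in results.items()
                        if urlsplit(final).netloc.lower() != host)
    return (0 < len(redirected) < len(results), redirected)


def simulated_kit(url: str, profile: ClientProfile) -> Tuple[int, str]:
    """Constructed stand-in for a gated lure page (hypothetical hostnames):
    only mobile, Japanese-language clients are forwarded to the harvesting page."""
    if profile.mobile and profile.accept_language.startswith("ja"):
        return 302, "https://harvest.invalid/login"
    return 200, url


if __name__ == "__main__":
    url = "https://lure.invalid/notice"
    print(classify(url, probe(url, simulated_kit)))
```

An analyst would also vary the source IP (for example via a residential or in-region egress) since geolocation is one of the reported criteria and cannot be spoofed with headers alone.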