BREAKING!! New SMS phishing campaign pretending to be from the United States Post Office being pushed out to cell phones today. So far the link in the SMS being used is this domain m9sxv[.]info. Here are a couple of sample texts we have collected. #infosec #malware #smish #osint
The m9sxv[.]info domain was just registered today and here are few sample links we have collected so far. @kyleehmke @RiskIQ @ydklijnsma #infosec #malware #smish #osint
There is a fair amount of victim fingerprinting going on based on the device ect... Here m9sxv[.]info immediately redirects to a jtuzd.rdtk[.]io link. #infosec #malware #smish #osint #phishing
We got one link to go a fake casino game but haven't fully investigated in a safe manner. Most of the time it appears to be looking for users that are logging into a Google account. I'm guessing to possibly steal credentials somehow,. #infosec #malware #smish #osint #phishing
Here is a previous thread we did on SMS phishing campaigns ... or #smish as the kids are now calling them. They come in all flavors and some are very clever and compelling #osint #malware #infosec #phishing https://twitter.com/slickrockweb/status/1276593444409020416
Good additional info and yes malvertising is a huge problem. And given these links go through a series of redirects all looking for specific indicators of the victim ... so can be sent just about anywhere by the end of the chain. https://twitter.com/File411/status/1305904924459503621?s=20
Based on the comments in the thread below it looks like
m5smz[.]info and m7smz[.]info have been previously used in the past few days. So it would appear they are rotating out the domains with slight variations every couple of days or so. #smish #infosec #osint
You can follow @SlickRockWeb.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled: