Massive leak of over 115 million US payment cards caused by Chinese
"smishing" hackers - find out if you're affected

Date:
Sun, 10 Aug 2025 05:04:00 +0000

Description:
A massive phishing campaign driven by mobile attacks and Telegram-based kits may have exposed over 115 million US cards without breaching banks directly.

FULL STORY

A wave of advanced phishing campaigns, traced to Chinese-speaking
cybercriminal syndicates, may have compromised up to 115 million US payment cards in just over a year, experts have warned.

Researchers at SecAlliance revealed these operations represent a growing convergence of social engineering, real-time authentication bypasses, and phishing infrastructure designed to scale.

Investigators have identified a figure referred to as Lao Wang as the
original creator of a now widely adopted platform that facilitates
mobile-based credential harvesting.

Identity theft scaled through mobile compromise

At the center of the campaigns are phishing kits distributed through a
Telegram channel known as dy-tongbu, which has rapidly gained traction among attackers.

These kits are designed to avoid detection by researchers and platforms
alike, using geofencing, IP blocks, and mobile-device targeting.

This level of technical control allows phishing pages to reach intended
targets while actively excluding traffic that might flag the operation.

The phishing attacks typically begin with SMS, iMessage, or RCS messages
using everyday scenarios, such as toll payment alerts or package delivery updates, to drive victims toward fake verification pages.

There, users are prompted to enter sensitive personal information, followed
by payment card data.

The sites are often mobile-optimized to align with the devices that will receive one-time password (OTP) codes, allowing for immediate multi-factor authentication bypass.

These credentials are provisioned into digital wallets on devices controlled
by attackers, allowing them to bypass additional verification steps normally required for card-not-present transactions.

Researchers described this shift to digital wallet abuse as a fundamental change in card fraud methodology.

It enables unauthorized use at physical terminals, online shops, and even
ATMs without requiring the physical card.

Researchers have observed criminal networks now moving beyond smishing campaigns.

There is growing evidence of fake ecommerce sites and even fake brokerage platforms being used to collect credentials from unsuspecting users engaged
in real transactions.

The operation has grown to include monetization layers, including pre-loaded devices, fake merchant accounts, and paid ad placements on platforms like Google and Meta.

As card issuers and banks look for ways to defend against these evolving threats, standard security suites , firewall protection , and SMS filters may offer limited help given the precision targeting involved.

Given the covert nature of these smishing campaigns, there is no single
public database listing affected cards. However, individuals can take the following steps to assess possible exposure:

Review recent transactions
Look for unexpected digital wallet activity
Monitor for verification or OTP requests you didnt initiate
Check if your data appears in breach notification services
Enable transaction alerts

Unfortunately, millions of users may remain unaware their data has been exploited for large-scale identity theft and financial fraud, facilitated not through traditional breaches.

Via Infosecurity

======================================================================
Link to news story: https://www.techradar.com/pro/security/massive-leak-of-over-115-million-us-pay ment-cards-caused-by-chinese-smishing-hackers-find-out-if-youre-affected

$$
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (618:250/1)