Funny triad: The fraud group steals the wealth of the world

It is often referred to as one of the most prominent actors from the active actors as the trinity of antiquities-although security researchers collect the actors and companies affiliated Modern research By the silent security company.

The research says that about 200,000 fields have been used by the group in recent years, with about 187 areas of the highest-level-like level. During one period recently for 20 days, there were more than a million visits to the fraud sites used by the Smorish Triad triad, according to Silent Push.

In addition to collecting names, email messages, addresses and bank cards details, web sites also push people to enter one -time passwords or authentication symbols that allow criminals Add bank cards to Apple Pay or Google WalletAllow them to use cards while on the other side of the world.

“They have turned an effective digital portfolio, such as Apple Pay or Google Wallet, into the best device to dry the cards we have invented ever,” Merrill says.

In Telegram groups associated with Cyberrenal’s organizations, some members share photos and videos of bank cards that are added to digital portfolios on iPhone and Androids. For example, in one video, it is claimed that the fraudsters offer dozens of virtual cards that they gave them to the phones they use.

Merrill says that criminals may not make payments using the cards that he gave to the digital portfolios, but may not take a long time.

“When we started seeing this for the first time, they were waiting for between 60 and 90 days before they steal the money from the cards,” adding that the criminals would allow the cards “age” on a device in an attempt to look legitimate. “Nowadays, you will be lucky if they wait for seven days or even two days. Once they get to the card, they hit it with force and fast.”

“Security is the essence of the Google Wallet experience, and we are working closely with cards to prevent fraud,” says Olivia Operation, Google Communications Manager. “For example, banks notify clients when their card is added to a new wallet, and we offer signals to help exporters discover fraudulent behavior so that they can determine whether the added cards will be approved.”

Apple did not respond to WIRED request for comment.

The ecosystem of giant fraud is partially operated through the underground fraud services. Results from the Security Company SecurityWhich follows the Trinity of Smorish for more than two years, says the group uses SMS “wholesale” and messaging services as it expanded the number of messages he sends.

Meanwhile, as many security researchers noticed, the Smorish Triad group also uses its own program, called Lightthouse, to collect and manage personal information and individual cards details. Video clip of the LightHouse program originally jointly on Telegram and It was re -published with silent payment It shows how the system collects the card details.

The latest version of the program, which was updated in March of this year, “targets dozens of financial brands” including PayPal, MasterCard, Visa, Stripe and Silent Push He says. In addition, the research says, Australian banking brands appear to have committed suicide, indicating more expansion of goals.