Tuesday, December 16, 2025

Phishing campaign targets KFC, McDonald’s in Saudi Arabia, UAE, Singapore


KFC and McDonald’s customers were targeted in phishing campaigns in Saudi Arabia, the United Arab Emirates and Singapore, with some of their payment details being successfully stolen by attackers.

Discovered by security researchers at CloudSEK, the first of these campaigns took place via a domain impersonating the Google Play Store and displaying a malicious browser-based Chrome app.

After landing on the malicious URL and clicking the download button, the text on the button changes to “Install”, which in turn prompts the user to install the browser application “KFC Saudi Arabia 4+”.

“After installation, a desktop shortcut to the same application is created on the user’s desktop,” CloudSEK wrote in an announcement published over the weekend.

“Double-clicking on the KFC Saudi Arabia 4+ app opens a Chrome app window which loads the site […], which appears to drop when analyzed.”

In addition, the team found a second site that pointed to KFC phishing.

“The site is a sophisticated and well-crafted phishing campaign used to steal victims’ card details,” CloudSEK wrote.

“When victims try to place an order on the phishing site, they see a pop-up asking them to fill in their details in a form.”

According to the announcement, the form is well designed and uses the Google Maps API to suggest addresses as users fill them in. Additionally, the site only accepts card numbers that pass the Luhn algorithm, to ensure that the submitted card is valid.

“After submitting card details, victims are prompted to provide a one-time password (OTP) received via SMS,” reads the CloudSEK technical article.

“After entering the OTP, the victim was taken to another website impersonating McDonald’s, […] As of this writing, the site is inactive.”

Using passive DNS and reverse IP lookups, CloudSEK researchers discovered additional domains hosted on servers used by sites impersonating KFC and McDonald’s.

“Users should be vigilant when visiting the site and submitting their PII and banking information,” CloudSEK warned.

Companies are also advised to identify and report domains impersonating brand names and trademarks, and to conduct awareness campaigns to educate customers about the organization’s processes.
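The passive DNS and reverse IP pivot described above, together with the advice to identify impersonating domains, can be sketched as follows. This is an added example, not CloudSEK's tooling: the records, domain names, IPs, brand tokens and allow-list are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed passive DNS observations (domain, IP); reserved example names and IPs.
PDNS = [
    ("kfc-order.example", "203.0.113.10"),
    ("mcd-deals.example", "203.0.113.10"),
    ("mcd-deals.example", "203.0.113.11"),
    ("kfc-sa-delivery.example", "203.0.113.11"),
    ("mcdonalds-offers.example", "203.0.113.11"),
    ("flower-shop.example", "203.0.113.11"),
    ("unrelated-blog.example", "198.51.100.7"),
]
BRAND_TOKENS = {"kfc", "mcd", "mcdonalds"}  # assumed brand watch-list
OFFICIAL = {"kfc.com", "mcdonalds.com"}     # assumed allow-list of real brand domains

def pivot(seeds, records, max_hops=2):
    """Walk domain -> IP -> co-hosted domains; return {domain: hop first reached}."""
    by_domain, by_ip = defaultdict(set), defaultdict(set)
    for domain, ip in records:
        by_domain[domain].add(ip)
        by_ip[ip].add(domain)
    found, frontier = {}, set(seeds)
    for hop in range(1, max_hops + 1):
        ips = {ip for d in frontier for ip in by_domain.get(d, ())}
        frontier = {d for ip in ips for d in by_ip[ip]} - set(seeds) - set(found)
        for d in frontier:
            found[d] = hop
    return found

def impersonates_brand(domain):
    """True when a hyphen- or dot-separated label equals a watched brand token."""
    name = domain.lower()
    if name in OFFICIAL:
        return False
    return bool(BRAND_TOKENS & set(re.split(r"[.-]", name)))

def triage(seeds, records=PDNS):
    """Co-hosted domains with hop count and brand flag, sorted by name."""
    hits = pivot(seeds, records)
    return sorted((d, hop, impersonates_brand(d)) for d, hop in hits.items())

if __name__ == "__main__":
    # Co-hosting alone is only a lead (shared hosting); the brand flag sets priority.
    for domain, hop, brand in triage({"kfc-order.example"}):
        print(f"hop {hop}  {'REPORT' if brand else 'review'}  {domain}")
```

Exact-token matching misses concatenated names such as a brand fused to another word, so a production watch-list would add fuzzy or substring matching with its own false-positive review.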

More generally, threat actors evolve their tactics, and phishing attempts evolve with them. For example, security researchers at Proofpoint recently discovered phishing campaigns using Microsoft Sway.
