China-based smishing and fake e-commerce phishing campaign
Campaign
Summary
Hide ▲
Show ▼
A China-based phishing campaign has escalated into mass-registered scam domains and SMS lures for rewards points, tax refunds, and fake retail deals, increasing risk for U.S. consumers during the holiday shopping season. The operation uses iMessage and RCS to deliver links that harvest names, addresses, phone numbers, and payment card data. It then tries to enroll stolen card details into Apple or Google mobile wallets, creating a direct path to unauthorized charges and account abuse.
Related Happenings
Magecart Stripe and Google Tag Manager card-skimming campaign
Campaign
H score36
First: 04.06.2026 23:47
Last: 04.06.2026 23:47
Sources 1
About this happening:
The **Magecart** campaign is abusing **Stripe's API infrastructure** and **Google Tag Manager** containers to steal checkout data from **Magento/Adobe Commerce** stores. The skimm...
Magecart Stripe and Google Tag Manager card-skimming campaign
CampaignAbout this happening: The **Magecart** campaign is abusing **Stripe's API infrastructure** and **Google Tag Manager** containers to steal checkout data from **Magento/Adobe Commerce** stores. The skimm...
AccountDumpling Google AppSheet Facebook phishing campaign
Campaign
H score31
First: 01.05.2026 21:09
Last: 01.05.2026 21:09
Sources 1
About this happening:
A **Vietnamese-linked** operation dubbed **AccountDumpling** is using **Google AppSheet** as a phishing relay to steal **Facebook** credentials, enabling account takeover at scale...
AccountDumpling Google AppSheet Facebook phishing campaign
CampaignAbout this happening: A **Vietnamese-linked** operation dubbed **AccountDumpling** is using **Google AppSheet** as a phishing relay to steal **Facebook** credentials, enabling account takeover at scale...
FakeWallet Apple App Store wallet-stealing apps
Malware Activity
H score8
First: 21.04.2026 00:52
Last: 21.04.2026 00:52
Sources 1
About this happening:
The **FakeWallet** app set turned the **Apple App Store** into a delivery channel for **26 malicious wallet lookalikes**, putting crypto holders at risk of account takeover and th...
FakeWallet Apple App Store wallet-stealing apps
Malware ActivityAbout this happening: The **FakeWallet** app set turned the **Apple App Store** into a delivery channel for **26 malicious wallet lookalikes**, putting crypto holders at risk of account takeover and th...
FakeWallet crypto wallet phishing campaign targeting users in China
Campaign
H score14
First: 21.04.2026 00:52
Last: 21.04.2026 00:52
Sources 1
About this happening:
The **FakeWallet** campaign is actively distributing **26 malicious apps** that impersonate crypto wallets and steal **seed phrases**, putting **users in China** at immediate risk...
FakeWallet crypto wallet phishing campaign targeting users in China
CampaignAbout this happening: The **FakeWallet** campaign is actively distributing **26 malicious apps** that impersonate crypto wallets and steal **seed phrases**, putting **users in China** at immediate risk...
Latest development: 24.04.2026 14:48
Kaspersky said the FakeWallet campaign is gaining momentum with new tactics, including phishing apps published in the Apple App Store, cold wallet impersonation, and phishing notifications, and suspected it may be the work of threat actors linked to SparkKitty because some infected apps use OCR to steal wallet recovery phrases and the two campaigns share native Chinese-speaking operators and cryptocurrency targeting.
Apple account change notification phishing campaign
Campaign
H score30
First: 19.04.2026 19:03
Last: 19.04.2026 19:03
Sources 1
About this happening:
A **callback phishing campaign** is abusing **Apple account change notifications** to deliver fake **iPhone purchase** scams through legitimate emails, making the lure look authen...
Apple account change notification phishing campaign
CampaignAbout this happening: A **callback phishing campaign** is abusing **Apple account change notifications** to deliver fake **iPhone purchase** scams through legitimate emails, making the lure look authen...
Timeline
-
05.12.2025 01:02 2 articles · 7mo ago
China-based phishing campaign widens from package scams to mobile-wallet and fake retail lures
Campaign Scope UpdateChina-based phishing groups are using a broader mobile phishing operation that includes T-Mobile rewards-point lures, AT&T targeting, and U.S. state tax-refund spoofing. The same kits also mass-create fake e-commerce storefronts that collect names, addresses, phone numbers, payment card data, and one-time codes, then attempt to enroll the phished cards in Apple or Google mobile wallets. The phishing messages are delivered through Apple’s iMessage service and Google’s RCS messaging service, and the fake retail sites can be advertised on Google and Facebook and remain hard to detect for long periods.
Show sources
- SMS Phishers Pivot to Points, Taxes, Fake Retailers — krebsonsecurity.com — 05.12.2025 01:02
- SMS Phishers Pivot to Points, Taxes, Fake Retailers — krebsonsecurity.com — 05.12.2025 01:02