N0rth0ftheW4ll 🇺🇲🇺🇦
It's always darkest before the sunrise....

Sep 15, 2020, 10 tweets

BREAKING!! New SMS phishing campaign pretending to be from the United States Post Office being pushed out to cell phones today. So far the link in the SMS being used is this domain m9sxv[.]info. Here are a couple of sample texts we have collected. #infosec #malware #smish #osint

The m9sxv[.]info domain was just registered today and here are a few sample links we have collected so far. @kyleehmke @RiskIQ @ydklijnsma #infosec #malware #smish #osint

There is a fair amount of victim fingerprinting going on based on the device, etc. Here m9sxv[.]info immediately redirects to a jtuzd.rdtk[.]io link. #infosec #malware #smish #osint #phishing

We got one link to go to a fake casino game but haven't fully investigated in a safe manner. Most of the time it appears to be looking for users that are logging into a Google account. I'm guessing to possibly steal credentials somehow. #infosec #malware #smish #osint #phishing

Here is a previous thread we did on SMS phishing campaigns ... or #smish as the kids are now calling them. They come in all flavors and some are very clever and compelling #osint #malware #infosec #phishing

Good additional info and yes malvertising is a huge problem. And given these links go through a series of redirects all looking for specific indicators of the victim ... so can be sent just about anywhere by the end of the chain.

Based on the comments in the thread below it looks like m5smz[.]info and m7smz[.]info have been previously used in the past few days. So it would appear they are rotating out the domains with slight variations every couple of days or so. #smish #infosec #osint

Since this USPS #smishing is getting more attention, including writeups in gizmodo.com/no-usps-spam-i… & tripwire.com just wanted 2b clear that we do not know whether there is any malware involved. It is likely credential harvesting, but that is also not confirmed #osint

With that said Gizmodo provides additional context around some replies we got talking about human trafficking, which on Tuesday made zero sense to us. Apparently, Q-anon cultists managed to turn this #smishing into a total tin-foil hat conspiracy.
gizmodo.com/no-usps-spam-i…

Here is the Tripwire article by @DMBisson about the USPS #smishing campaign we highlighted on Tues. There are two Alibaba IP addresses so far involved in the public facing SMS that host over 900 4-5 character domains #smish #infosec #osint #phishing
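The domain rotation noted in the thread (m5smz, m7smz, m9sxv under .info) can be surfaced from a list of collected indicators by grouping short hostnames on their character-class pattern. The following is an added example, not code from the thread's author; the grouping heuristic, its thresholds and the benign entries are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Defanged indicators quoted in the thread.
OBSERVED = ["m9sxv[.]info", "m5smz[.]info", "m7smz[.]info", "jtuzd.rdtk[.]io"]
# Constructed entries, added only to show what the heuristic ignores.
CONSTRUCTED_BENIGN = ["usps.com", "example[.]info"]


def refang(indicator):
    """Turn a defanged indicator (hxxp://, [.]) into a bare lowercase hostname."""
    host = indicator.strip().lower().replace("[.]", ".").replace("(.)", ".")
    host = re.sub(r"^h(xx|tt)ps?://", "", host)
    return host.split("/")[0].rstrip(".")


def shape(label):
    """Collapse a DNS label to its character classes, e.g. m9sxv -> LDLLL."""
    return "".join("D" if c.isdigit() else "L" if c.isalpha() else c for c in label)


def rotation_clusters(indicators, min_len=4, max_len=5, min_members=2):
    """Group hosts by (label shape, TLD) and keep the groups that repeat.

    Assumed heuristic: 4-5 character names that share one shape under one TLD
    are candidates for the same rotating campaign. The last two labels are
    used as the registered domain, which is naive (no public-suffix list).
    """
    groups = defaultdict(set)
    for raw in indicators:
        labels = refang(raw).split(".")
        if len(labels) < 2:
            continue
        name, tld = labels[-2], labels[-1]
        if min_len <= len(name) <= max_len:
            groups[(shape(name), tld)].add(f"{name}.{tld}")
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_members}


if __name__ == "__main__":
    for key, hosts in rotation_clusters(OBSERVED + CONSTRUCTED_BENIGN).items():
        print(key, hosts)
```

A repeated cluster is a triage lead for blocklist or DNS-log review, not proof of shared ownership.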
