BREAKING!! New SMS phishing campaign pretending to be from the United States Post Office being pushed out to cell phones today. So far the link in the SMS being used is this domain m9sxv[.]info. Here are a couple of sample texts we have collected. #infosec #malware #smish #osint
The m9sxv[.]info domain was just registered today and here are a few sample links we have collected so far. @kyleehmke @RiskIQ @ydklijnsma #infosec #malware #smish #osint
There is a fair amount of victim fingerprinting going on based on the device etc. Here m9sxv[.]info immediately redirects to a jtuzd.rdtk[.]io link. #infosec #malware #smish #osint #phishing
We got one link to go to a fake casino game but haven't fully investigated in a safe manner. Most of the time it appears to be looking for users that are logging into a Google account. I'm guessing to possibly steal credentials somehow. #infosec #malware #smish #osint #phishing
Here is a previous thread we did on SMS phishing campaigns ... or #smish as the kids are now calling them. They come in all flavors and some are very clever and compelling #osint #malware #infosec #phishing
Good additional info and yes malvertising is a huge problem. And given these links go through a series of redirects all looking for specific indicators of the victim ... so can be sent just about anywhere by the end of the chain.
Based on the comments in the thread below it looks like m5smz[.]info and m7smz[.]info have been previously used in the past few days. So it would appear they are rotating out the domains with slight variations every couple of days or so. #smish #infosec #osint
Since this USPS #smishing is getting more attention, including writeups in gizmodo.com/no-usps-spam-i… & tripwire.com just wanted 2b clear that we do not know whether there is any malware involved. It is likely credential harvesting, but that is also not confirmed #osint
With that said Gizmodo provides additional context around some replies we got talking about human trafficking, which on Tuesday made zero sense to us. Apparently, Q-anon cultists managed to turn this #smishing into a total tin-foil hat conspiracy.
gizmodo.com/no-usps-spam-i…
Here is the Tripwire article by @DMBisson about the USPS #smishing campaign we highlighted on Tues. There are two Alibaba IP addresses so far involved in the public facing SMS that host over 900 4-5 character domains #smish #infosec #osint #phishing
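The domain rotation described in the thread (m5smz, m7smz, m9sxv on .info) can be surfaced from reported SMS text by grouping short domains by their letter/digit shape. This is an added example, not code from the thread's author; the sample messages and URL paths are constructed, the function names are hypothetical, and taking the last two labels as the registered domain is a simplifying assumption.

```python
import re
from collections import defaultdict

# Matches plain and defanged hostnames: a.com, a[.]com, a(.)com
_DOMAIN_RE = re.compile(
    r"\b((?:[a-z0-9-]+(?:\[\.\]|\(\.\)|\.))+[a-z]{2,})\b", re.IGNORECASE)

def extract_domains(text):
    """Return refanged, lower-cased hostnames found in one message."""
    return [m.group(1).lower().replace("[.]", ".").replace("(.)", ".")
            for m in _DOMAIN_RE.finditer(text)]

def shape(domain):
    """Mask the second-level label: letters -> 'a', digits -> '9'."""
    sld, tld = domain.split(".")[-2:]
    mask = "".join("9" if c.isdigit() else "a" if c.isalpha() else c
                   for c in sld)
    return mask + "." + tld

def rotation_families(messages, min_members=2, max_label_len=5):
    """Group short-label domains by shape and keep shapes seen with
    several distinct domains, which is what a rotating set looks like."""
    groups = defaultdict(set)
    for msg in messages:
        for host in extract_domains(msg):
            # Assumption: registered domain = last two labels (no PSL lookup).
            reg = ".".join(host.split(".")[-2:])
            if len(reg.split(".")[0]) <= max_label_len:
                groups[shape(reg)].add(reg)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_members}

# Constructed sample messages; only the domains come from the thread.
SAMPLE_SMS = [
    "USPS: parcel pending, confirm here m9sxv[.]info/AbC12",
    "Delivery notice m5smz[.]info/xY9",
    "m7smz.info/q1 your package is waiting",
    "Track at usps.com",
    "redirect seen via jtuzd.rdtk[.]io",
]

if __name__ == "__main__":
    for mask, members in rotation_families(SAMPLE_SMS).items():
        print(mask, members)
```

A shape that keeps gaining new members on the same TLD is a candidate for a pattern-based block or alert rule, after checking it against legitimate short domains in your own traffic.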
