The Milo x Ramadhan Phishing Campaign

Ramadan Mubarak y'all

All praise to Allah S.W.T, who gives us the opportunity to celebrate Ramadhan this year. It's the time to do a gap analysis, check your spiritual state and realise in the end that food is just fuel for the body.

The Devil in the Hidden World might be tied up for the upcoming days, but the mischievous manifest phishers ain't gonna stop.

Earlier this morning my wife forwarded me a WhatsApp post that goes like this:

So many wrong and 

The red flag is obvious, right:

  • The domain in the link is www.milo.com.ph
  • But the URL given is cabbageivory.cn
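The mismatch above can be checked mechanically. The following is an added example, not code from the original post: it flags any link whose real host does not belong to a trusted domain that the message names. The sample message text, its path and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def link_host(url):
    """Host the browser really connects to (userinfo and port are dropped)."""
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:                        # malformed netloc
        return ""

def same_site(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def spoofed_links(message, trusted_domains):
    """Return (named_domain, actual_host, url) for every link whose host
    does not belong to a trusted domain that the message names."""
    text = message.lower()
    findings = []
    for raw in URL_RE.findall(message):
        url = raw.rstrip(".,;:!?)")           # drop trailing punctuation
        host = link_host(url)
        for domain in trusted_domains:
            if domain in text and not same_site(host, domain):
                findings.append((domain, host, url))
    return findings

# Constructed sample: only the two domains come from the post; the wording
# and the path are placeholders.
SAMPLE = "Forwarded promo mentioning www.milo.com.ph\nhttp://cabbageivory.cn/example-path"

if __name__ == "__main__":
    for domain, host, url in spoofed_links(SAMPLE, ["milo.com.ph"]):
        print(f"message names {domain} but the link goes to {host}: {url}")
```

The list of trusted domains is supplied by the caller; a link that really points at the named domain or one of its subdomains produces no finding.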

So let's start our analysis. Going by the curl output, the bad actors, as usual, hide behind WAF/CDN protection such as Cloudflare.

If someone clicks on the link, they will be redirected to the following URL. I suspect the URL is randomly generated and registered on the fly:

https://ky3eu6.cn/TlcfOb5Y/milomyq/?_t=1680138216168

In another instance the domain is 7zoyco.cn.

The issuer of the SSL certificate is Google.

In any case, further investigation shows the phishing page will be randomly generated with 8 characters. This campaign targets mobile users, as the page won't render correctly in a normal web browser.

You can answer however you like; at some point you will always win.

Yeah Winner

After all the fun parts comes the evil.

The money image sadly comes from a blogspot pic.

As for the rest of the fake testimonials, the profile pictures are stored at:

Further downloading or clicking would be pointless, as this really is a scam after all.