CyRadar detects phishing scam impersonating Zalo
CyRadar - Advanced Threats Detection System warned that zaloapp.mobi could be a phishing domain.
14/12/2016
According to Nguyen Minh Duc, who is in charge of the CyRadar project, this phishing domain had not yet been discovered by other security software. "We developed CyRadar's algorithm based on predictive analytics to predict phishing attacks by evaluating domain names and websites as soon as they are registered and set up," said Duc. "Therefore, CyRadar discovered the phishing scam impersonating Zalo among more than 150,000 newly registered domains on December 12. We also analyzed the semantics of the domain name and related information such as IP address, Whois information ... to recognize zaloapp.mobi as a phishing domain."
On visiting zaloapp.mobi, users are "invited" to enter their Zalo phone number and password. The website then leads them to an "award-winning" site. In addition, they have to enter personal information including name, address, telephone number, identity card, etc.
"With Malware Graph algorithm, we also discovered that zaloapp.mobi was pointing to a server: 143.95.63.79 containing phishing sites. Many new domain names have just been created recently,” Duc added. According to him, most of these phishing sites are not recognized by the other security software. “We take the lead in the trend of predictive analytics".