Our team is currently investigating a new phishing campaign targeting Nigerians. This threat group employs a deceptive shopping module to lure victims via WhatsApp, aiming to collect sensitive financial information, including credit card details and login credentials. Once obtained, this information is used to transfer funds from the victims' accounts.
In our investigation, we uncovered that the threat group's infrastructure hosts a deceptive script, and we have identified four domains that are all serving the same malicious content.
The script primarily handles image-loading optimization, menu interactions, user login checks, and the loading of external scripts. If the page is associated with phishing or other malicious activity, the likely cause is how the login checks and redirects are implemented, which can mislead users into providing sensitive information.
To help raise awareness and protect potential victims, we have included additional Indicators of Compromise (IOCs) related to this campaign below. It’s crucial for users to remain vigilant and cautious when sharing personal information online.
Indicators of Compromise
- https[:]//www.sasmkj[.]com/
- https[:]//www.nejknj[.]com/
- https[:]//www.ehgldnwu[.]com/
- https[:]//jmytxxuy[.]com/
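One way to put the four domains above to use is to match them against web proxy or DNS logs. The Python below is an added example, not part of the original report: it refangs the listed IOCs and flags exact and subdomain matches while ignoring lookalike hostnames. The log format, the sample lines and all function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Defanged IOCs exactly as listed in this report.
DEFANGED_IOCS = [
    "https[:]//www.sasmkj[.]com/",
    "https[:]//www.nejknj[.]com/",
    "https[:]//www.ehgldnwu[.]com/",
    "https[:]//jmytxxuy[.]com/",
]

def refang(value):
    """Undo the [.] and [:] defanging used in the list above."""
    return value.replace("[.]", ".").replace("[:]", ":")

def normalise_host(host):
    """Lower-case, drop a trailing root dot and a leading 'www.' label."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def ioc_hosts(iocs=DEFANGED_IOCS):
    return {normalise_host(urlsplit(refang(i)).hostname) for i in iocs}

def matched_ioc(host, blocked):
    """Return the IOC domain if host equals it or is a subdomain of it."""
    labels = normalise_host(host).split(".")
    # Compare on whole-label suffixes so 'notsasmkj.com' does not match.
    suffixes = (".".join(labels[i:]) for i in range(len(labels) - 1))
    return next((s for s in suffixes if s in blocked), None)

# Constructed sample proxy log: timestamp, client address, requested URL.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 https://www.sasmkj.com/
2024-01-01T10:00:07Z 10.0.0.8 https://shop.NEJKNJ.com./login
2024-01-01T10:00:09Z 10.0.0.9 https://notsasmkj.com/
2024-01-01T10:00:12Z 10.0.0.9 https://jmytxxuy.com.example.org/
2024-01-01T10:00:15Z 10.0.0.7 http://jmytxxuy.com:8080/cart
"""

def scan(log_text):
    """Return (timestamp, client, matched IOC domain) for each hit."""
    blocked = ioc_hosts()
    hits = []
    for line in log_text.splitlines():
        ts, client, url = line.split(maxsplit=2)
        hit = matched_ioc(urlsplit(url).hostname or "", blocked)
        if hit:
            hits.append((ts, client, hit))
    return hits

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Matching on whole-label suffixes catches subdomains of the listed hosts without flagging unrelated domains that merely contain the same string.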