New Phishing Technique Outfoxes Site Owners: Operation Huyao

November 5, 2014 – 5:47 PM

We’ve found a new phishing technique targeting online shopping sites that may significantly change the threat landscape for phishing sites. Conventional phishing sites require an attacker to replicate the targeted site; a more accurate copy is more likely to fool intended victims.

This technique we found allows for the creation of nearly perfect copies – because the attacker no longer needs to create a copy of the site at all. Instead, the phishing page only contains a proxy program, which acts as a relay to the legitimate site. Only when any information theft needs to be carried out are any pages modified. The owners of the legitimate site would find it very difficult to detect these attacks against their customers.

We decided to call this particular attack Operation Huyao. In Chinese, huyao means a monstrous fox. The rather sneaky behavior of this attack, together with the fact that we believe the creators of this attack are located in China, made this name feel rather appropriate.


You must be logged in to post a comment.