CoGUI’s Massive Phishing Surge
CoGUI, a new phishing kit, unleashed over 580 million fake emails from January to April 2025. These emails trick users into sharing account credentials and payment details. For example, they mimic trusted brands like banks and tax agencies. Most attacks target Japan, but some hit the U.S., Canada, Australia, and New Zealand.
How the Attacks Work
The emails urge immediate action, often including links to fake websites. These sites only activate if the user’s device meets specific criteria, like IP address or browser language. According to a report, CoGUI sent 172 million emails in January 2025 alone. The high volume makes it one of the largest phishing campaigns tracked today.
Similarities to Other Threats
Researchers initially linked CoGUI to the Darcula phishing kit, used by China-based hackers. However, further analysis showed the two are unrelated, despite sharing similar tactics. CoGUI has been active since October 2024, with researchers tracking it from December. Its sophisticated design allows it to evade detection easily.
Targeting Multiple Countries
While Japan faces the brunt of CoGUI’s attacks, other countries see smaller campaigns. For instance, U.S. users receive smishing texts about unpaid tolls. These lures trick victims into visiting phishing sites. This flexibility makes CoGUI a global threat, adaptable to various cybercrime groups.
Preventing CoGUI Phishing Attacks
To avoid CoGUI scams, users should verify emails before clicking links. For example, check the sender’s address for suspicious domains. Additionally, enable two-factor authentication on accounts to block unauthorized access. Organizations can train employees to spot phishing signs and use email filters to reduce risks. Staying cautious helps protect sensitive data from these widespread attacks.
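An added example, not part of the original article or any vendor's tooling: a minimal mail-filter check for the sender-domain advice above. It flags messages whose display name claims a brand while the sender address or body links point elsewhere; the brand allowlist, domains and sample messages are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allowlist: brand keyword -> domains that brand legitimately sends from.
# Both entries are constructed placeholders, not real brand data.
BRAND_DOMAINS = {
    "example bank": {"examplebank.example"},
    "tax agency": {"tax.example"},
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def _matches(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def check_message(raw):
    """Return a list of findings for one RFC 5322 message given as text."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand not in display.lower():
            continue  # message does not claim to be from this brand
        if not _matches(sender_host, allowed):
            findings.append(f"sender-domain-mismatch:{sender_host}")
        body = msg.get_payload()
        for url in URL_RE.findall(body if isinstance(body, str) else ""):
            host = urlparse(url).hostname or ""
            if not _matches(host, allowed):
                findings.append(f"link-domain-mismatch:{host}")
    return findings


# Constructed sample messages (not taken from any real campaign).
SPOOFED = (
    "From: Example Bank Security <alerts@examplebank-verify.example>\n"
    "Subject: Action required within 24 hours\n\n"
    "Confirm your card at https://login.examplebank-verify.example/auth now.\n"
)
GENUINE = (
    "From: Example Bank <notice@mail.examplebank.example>\n"
    "Subject: Your statement\n\n"
    "View it at https://www.examplebank.example/statements\n"
)
```

The suffix match requires a leading dot, so a look-alike host that merely embeds the brand domain as a prefix is still flagged.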