CoGUI Phish Kit Targets Japan with Millions of Messages

May 6, 2025, 9:41 p.m.

Description

A sophisticated phishing kit named CoGUI is targeting Japanese organizations with high-volume campaigns, primarily impersonating consumer and finance brands to steal credentials and payment data. The kit employs advanced evasion techniques like geofencing and fingerprinting to avoid detection. Since October 2024, CoGUI campaigns have sent millions of messages monthly, peaking at 172 million in January 2025. While mainly focused on Japan, some campaigns have targeted other countries. The kit shares similarities with Darcula, another phishing framework used by Chinese-speaking actors. CoGUI's activity aligns with recent warnings from Japanese financial authorities about increased phishing attacks leading to financial theft.

External References

https://www.proofpoint.com/us/blog/threat-insight/cogui-phish-kit-targets-japan-millions-messages
https://otx.alienvault.com/pulse/681a72feaa4cdb32c7d870d5
Tags
phishing
credential theft
brand impersonation
2025-05-06
darcula
cogui

Date

  • Created: May 6, 2025, 8:37 p.m.
  • Published: May 6, 2025, 8:37 p.m.
  • Modified: May 6, 2025, 9:41 p.m.

Indicators

  • sunpass.com-tyjr.cc
  • kzongfd.bo5wfb0f9.top
  • zjkso.cn
  • uhlkg.cn
  • evrryday.com
  • etcady.xin
  • ezdrivema.com-kpy.win
Download all indicators here!

Attack Patterns

  • CoGUI

Additional Informations

  • Retail
  • Finance
  • New Zealand
  • Australia
  • Canada
  • Japan
  • United States of America