KFC and McDonald’s customers were targeted via phishing campaigns across Saudi Arabia, UAE and Singapore, with payment details of some of them successfully stolen by attackers.
Spotted by security researchers at CloudSEK, the first of these campaigns worked via a domain impersonating the Google Play Store and displaying a malicious, browser–based application for Chrome.
Upon landing on the malicious URL and clicking on the download button, the text on the button changes to ‘Install,’ which in turn prompts the user to install the browser application ‘KFC Saudi Arabia 4+.’
“After installation, a desktop shortcut for the same application is created on the user’s desktop,” CloudSEK wrote in an advisory published over the weekend.
“Double–Clicking the KFC Saudi Arabia 4+ app opens a chrome application window, which loads the site […], which seems to be down at the time of analysis.”
Further, the team also discovered a second website pointing to KFC–focused phishing.
