Phishing campaign against Italian users of

The Threat Intelligence Team of D3Lab in the analysis and fight against online fraud detected on March 3 the creation of a new Ad Hoc domain containing a phishing site against Italian users of is a cryptocurrency exchange app based in Singapore. The app currently has 10 million users and 3,000 employees. {Wikipedia}

The campaing spread through the creation of a new Ad Hoc domain and text messages (smishing) asking to the victim their email, password and phone number

And finally warn the victim that there was an error and they will be contacted. Probably a telephone contact, as much used in the last two years by criminals towards Italian users.

Analyzing the DropZone (where criminals store stolen credentials) 24 hours after domain activation there are more than 20 unique victims.

Domains Email of the victims

The phishing kit analyzed is very similar to multiple phishing kits against Italian banks. It is likely that the same criminals are expanding fraud to other entities/sectors.

Finally, we always advise users to pay attention and never provide their personal information.