Close Menu
TechurzTechurz
    What's Hot

    Humble Robotics’ CEO says the tech finally caught up to the vision for autonomous vehicles

    July 1, 2026

    Autonomous vehicle hype is back, and Humble Robotics is bringing it to freights

    July 1, 2026

    Builders Stage agenda revealed for Disrupt 2026

    July 1, 2026
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Tech Pulse
    • Humble Robotics’ CEO says the tech finally caught up to the vision for autonomous vehicles
    • Autonomous vehicle hype is back, and Humble Robotics is bringing it to freights
    • Builders Stage agenda revealed for Disrupt 2026
    • Startup Battlefield Australia application closes in days: Apply before July 6
    • Acti puts AI agents directly into your smartphone keyboard
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    TechurzTechurz
    • Home
    • Tech Pulse
    • Future Tech
    • AI Systems
    • Cyber Reality
    • Disruption Lab
    • Signals
    TechurzTechurz
    Home - Guides - Criminals built a secret Telegram network to steal 115 million cards without breaching a single bank firewall
    Guides

    Criminals built a secret Telegram network to steal 115 million cards without breaching a single bank firewall

    TechurzBy TechurzAugust 10, 2025Updated:May 12, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Mobile Security
    Share
    Facebook Twitter LinkedIn Pinterest Email


    • Phishing attacks now bypass multi-factor authentication using real-time digital wallet provisioning tactics
    • One-time passcodes are no longer enough to stop fraudsters with mobile-optimized phishing kits
    • Millions of victims were targeted using everyday alerts like tolls, packages, and account notices

    A wave of advanced phishing campaigns, traced to Chinese-speaking cybercriminal syndicates, may have compromised up to 115 million US payment cards in just over a year, experts have warned.

    Researchers at SecAlliance revealed these operations represent a growing convergence of social engineering, real-time authentication bypasses, and phishing infrastructure designed to scale.

    Investigators have identified a figure referred to as “Lao Wang” as the original creator of a now widely adopted platform that facilitates mobile-based credential harvesting.


    You may like

    Identity theft scaled through mobile compromise

    At the center of the campaigns are phishing kits distributed through a Telegram channel known as “dy-tongbu,” which has rapidly gained traction among attackers.

    These kits are designed to avoid detection by researchers and platforms alike, using geofencing, IP blocks, and mobile-device targeting.

    This level of technical control allows phishing pages to reach intended targets while actively excluding traffic that might flag the operation.

    The phishing attacks typically begin with SMS, iMessage, or RCS messages using everyday scenarios, such as toll payment alerts or package delivery updates, to drive victims toward fake verification pages.

    Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

    There, users are prompted to enter sensitive personal information, followed by payment card data.

    The sites are often mobile-optimized to align with the devices that will receive one-time password (OTP) codes, allowing for immediate multi-factor authentication bypass.

    These credentials are provisioned into digital wallets on devices controlled by attackers, allowing them to bypass additional verification steps normally required for card-not-present transactions.

    Researchers described this shift to digital wallet abuse as a “fundamental” change in card fraud methodology.

    It enables unauthorized use at physical terminals, online shops, and even ATMs without requiring the physical card.

    Researchers have observed criminal networks now moving beyond smishing campaigns.

    There is growing evidence of fake ecommerce sites and even fake brokerage platforms being used to collect credentials from unsuspecting users engaged in real transactions.

    The operation has grown to include monetization layers, including pre-loaded devices, fake merchant accounts, and paid ad placements on platforms like Google and Meta.

    As card issuers and banks look for ways to defend against these evolving threats, standard security suites, firewall protection, and SMS filters may offer limited help given the precision targeting involved.

    Given the covert nature of these smishing campaigns, there is no single public database listing affected cards. However, individuals can take the following steps to assess possible exposure:

    • Review recent transactions
    • Look for unexpected digital wallet activity
    • Monitor for verification or OTP requests you didn’t initiate
    • Check if your data appears in breach notification services
    • Enable transaction alerts

    Unfortunately, millions of users may remain unaware their data has been exploited for large-scale identity theft and financial fraud, facilitated not through traditional breaches.

    Via Infosecurity

    You might also like

    bank breaching built Cards criminals Firewall Million network secret single steal Telegram
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleBest essential tech kit for college student room
    Next Article Here Are GPT-5 Prompt Engineering Insights Including Crucial AI Prompting Tips And Techniques
    Techurz
    • Website

    Related Posts

    Opinion

    The DeepMind trio who built a poker AI are now making money for quant hedge funds

    June 30, 2026
    Opinion

    Corgi, the buzzy Y Combinator-backed insurance tech startup, says it didn’t steal an open source product

    June 26, 2026
    Opinion

    Sarvam becomes India’s newest AI unicorn with $234 million funding round led by HCLTech

    June 15, 2026
    Add A Comment
    Latest Tech Pulse

    College social app Fizz expands into grocery delivery

    September 3, 20252,290

    SolarSquare in talks to raise up to $60M as India’s rooftop solar market draws major VC interest

    May 23, 202622

    Future of Digital Privacy and Security: 7 Truths Nobody Tells You

    May 25, 202619
    Stay In Touch
    • YouTube
    • WhatsApp
    • Twitter
    • Pinterest
    • LinkedIn

    Techurz helps readers stay ahead of digital change with clear, practical, future focused technology intelligence written today,searched tomorrow.

    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Company
    • About Us
    • Contact Us
    • Our Authors / Editorial Team
    • Write For Us
    • Advertise
    Policy
    • Editorial Policy
    • Privacy Policy
    • Terms and Conditions
    • Affiliate Disclosure
    • Cookie Policy
    • Disclaimer
    • DMCA
    Explore
    • AI Systems
    • Cyber Reality
    • Future Tech
    • Disruption Lab
    • Signals
    • Tech Pulse
    • Sitemap

    Join the Techurz Brief

    The future does not arrive suddenly.
    Stay ahead with fast, sharp tech signals.

    Type above and press Enter to search. Press Esc to cancel.