The scheme utilized advanced techniques like JavaScript injection, one time password interception, and WebView automation to evade notice, automate subscriptions, track scams, and exfiltrate data. Deployed in Malaysia, Romania, Thailand, and Croatia, the malware read victims SIM cards and activated only for specific carriers. Zimperium first detected the scam in March 2025, tracking it until at least January 2026. Concerned users can consult Zimperium GitHub repository for indicators of...
