Error 524 Decoy: Unmasking a Global Smishing Operation Hiding Behind Error Pages - Cyber Security Review

Error 524 Decoy: Unmasking a Global Smishing Operation Hiding Behind Error Pages

Posted onJune 3, 2026June 4, 2026AuthorCyber Security Review

Group-IB researchers expose a large-scale smishing and phishing operation impersonating 260+ brands across 72 countries, using fake Cloudflare error pages, geofencing, and encrypted WebSocket channels for real-time credit card theft.

The operation has a layered anti-analysis evasion architecture, which uses convincing fake Cloudflare error pages, like the “Error 524” timeout screen, as a decoy. The malicious content is only revealed to victims matching specific geofencing and mobile device criteria. This is combined with a technically mature infrastructure utilizing Base64 obfuscated Single Page Applications and real-time data exfiltration over encrypted WebSocket channels.

Read more…
Source: Group IB

Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox

Related:

How the ransomware attack at Change Healthcare went down: A timeline
August 17, 2024
A ransomware attack earlier this year on UnitedHealth-owned health tech company Change Healthcare likely stands as one of the largest data breaches of U.S. health and medical data in history. Months after the February data breach, a “substantial proportion of people living in America” are receiving notice by mail that their personal and health information was ...
Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove
August 16, 2024
In the shadowy world of cybercrime, even the most cunning hackers can make blunders that expose their operations. In this article CPR describes the discovery of Styx Stealer, a new malware variant derived from the notorious Phemedrone Stealer. Check Point investigation revealed critical missteps by the developer of Styx Stealer, including a significant operational security (OpSec) ...
‘Keyboard warrior’ jailed for part in UK disorder
August 16, 2024
A man who posted material on social media to stir up racial hatred during recent unrest across the UK has been jailed for three years. Wayne O’Rourke, who had more than 90,000 followers to his X account, posted misinformation about the killing of three young girls in Southport on 29 July and praised the burning of ...
Rogue AI is the Future of Cyber Threats
August 15, 2024
Yoshua Bengio, regarded as one of the “godfathers” of artificial intelligence, has likened the now-ubiquitous technology to a bear. When we teach the bear to become smart enough to escape its cage, we no longer control it. All we can do after that is try to build a better cage. This should be our goal with ...
A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers
August 15, 2024
FortiGuard Labs recently encountered an ongoing ValleyRAT campaign specifically targeting Chinese speakers. This malware has historically targeted e-commerce, finance, sales, and management enterprises. ValleyRAT is a multi-stage malware that utilizes diverse techniques to monitor and control its victims and deploy arbitrary plugins to cause further damage. Another noteworthy characteristic of this malware is its heavy usage ...
UK, US supervise Ukrainian scam call centers – Russian Interior Ministry
August 15, 2024
The special services of the United Kingdom and the United States control and supervise Ukrainian scam call centers, a spokesman for the Russian Interior Ministry said. “The most important thing is that they are fully controlled by the special services of Ukraine, the special services of the UK and the US. Remote thefts ...

<<
1

...

...

983
>>

LATEST ARTICLES

THE STRATEGIC IMPORTANCE OF DIGITAL SOVEREIGNTY IN 2026
By Alexandre Grellier, CEO, Drooms
Cyber Security Review online – May 2026

A BEGINNER’S ROADMAP: HOW TO START YOUR AI SOC AGENT IMPLEMENTATION
By Kirsten Doyle
Cyber Security Review online – November 2025

THE PEOPLE BEHIND THE PIXELS: WHY CYBERSECURITY IN CRITICAL INDUSTRIES IS MORE HUMAN THAN EVER
Cyber Security Review online – July 2025

HOW TO MAXIMIZE EXCHANGE SERVER UPTIME? - SOME BEST PRACTICES
Cyber Security Review online – June 2025

KEY METRICS TO TRACK WHEN IMPLEMENTING AI IN YOUR SOC
By Josh Breaker-Rolfe
Cyber Security Review online – December 2024

ACHIEVING DATA SECURITY RESILIENCE WITH DSPM TOOLS
By Katrina Thompson
Cyber Security Review online – November 2024

CYBER SECURITY IN CRITICAL INDUSTRIES: CHALLENGES, SOLUTIONS, AND THE ROAD AHEAD
Cyber Security Review online – August 2024

HOW TO ENGAGE YOUR EMPLOYEES IN SECURITY AWARENESS TRAINING
Cyber Security Review online – April 2024

WHY IMMINENT SEC CYBER RULE CHANGES MEANS CYBER SECURITY LEADERSHIP MUST COME FROM THE VERY TOP
By Miguel Clarke, GRC and Cyber Security lead for Armor Defense
Cyber Security Review online – November 2023

WHAT COULD YOU DO IF YOU KNEW HOW EVERY PIECE OF DATA WAS BEING USED?
By Ross Moore, Cyber Security Support Analyst with Passageways
Cyber Security Review online – October 2023

A BRIEF HISTORY OF DATA LOSS PREVENTION
Cyber Security Review online – July 2023

THE 5 ESSENTIAL CYBERSECURITY AWARENESS TRAINING TIPS FOR A MORE SECURE ENVIRONMENT
Cyber Security Review online – June 2023

THE 8-STEP COMPREHENSIVE CHECKLIST FOR APPLICATION SECURITY IN 2023
Cyber Security Review online – April 2023

THE NETWORK SECURITY CHALLENGE:
Improving Visibility to Defend Against Cyberthreats
By Kev Eley, Vice President Sales UK and Europe at LogRhythm

SWEDEN LAUNCHES EUROPE’S MOST ADVANCED HUB FOR AUTOMOTIVE CYBER SECURITY
Research Institute engages ethical hackers and the latest research in cyber technology to combat spiraling threats to connected vehicles