Microsoft and Meta Battle Cybercrime Networks
Microsoft and the Fight Against Phishing Scams
Microsoft and Meta have stepped up their fight against cybercrime through its Digital Crimes Unit (DCU). Recently, the companies announced it had shut down 240 fake websites connected to a cybercriminal in Egypt known as Abanoub Nady, also referred to as MRxC0DER. These websites were being used to sell a phishing tool named ONNX, which allowed hackers to carry out large-scale phishing attacks.
Nady’s activity reportedly dates back to 2017, with many cybercriminals purchasing his phishing kits. These kits were used to target various industries, particularly the financial sector, due to the valuable data it handles. Steven Masada from Microsoft’s DCU explained that phishing attacks on this level can have severe consequences for victims.
The ONNX phishing kits were offered as a subscription service, costing between $150 and $550, and included features such as QR codes embedded in PDFs. These codes redirected users to fake Microsoft 365 login pages, tricking them into revealing their credentials.
Microsoft’s Legal Action
Microsoft, using the alias Storm-0867 for its investigation, has been pursuing Nady for years. In collaboration with the U.S. Financial Industry Regulatory Authority (FINRA), the tech giant exposed how ONNX kits could bypass two-factor authentication (2FA) by intercepting security codes. The phishing tools were also marketed on Telegram, allowing users to easily launch attacks with templates and supporting infrastructure.
To stop these operations, Microsoft secured a civil court order to dismantle the phishing infrastructure. This move effectively blocked access to the tools, disrupting ongoing phishing campaigns. Interestingly, the legal action included the Linux Foundation (LF), which owns the trademark for the open-source ONNX framework unrelated to Nady’s malicious tools.
U.S. Justice Department Shuts Down Cybercrime Marketplace
In a separate case, the U.S. Department of Justice (DoJ) has taken down a cybercrime marketplace called PopeyeTools. This platform specialized in selling stolen financial data and tools for illegal activities. Three individuals—Abdul Ghaffar, Abdul Sami, and Javed Mirza—were charged with crimes related to fraud and trafficking of stolen account information.
PopeyeTools and Its Operations
Since 2016, PopeyeTools operated as a hub for selling personal financial information, including credit card numbers and bank account details. It also offered scam templates, email spam lists, and tutorials to commit fraud. The marketplace served thousands of users globally, including those involved in ransomware.
The DoJ estimated that PopeyeTools earned at least $1.7 million by selling stolen data from over 227,000 individuals. The operators even provided customer support, promising refunds or replacements for invalid stolen cards.
To further curb these illegal activities, authorities seized over $283,000 in cryptocurrency linked to one of the administrators.
Meta Targets Scam Centers in Southeast Asia
Meta, the parent company of Facebook, has also been cracking down on global scams. The company recently removed over two million fake accounts tied to organized crime networks in Southeast Asia, including Cambodia, Myanmar, Laos, the UAE, and the Philippines. These accounts were involved in elaborate scams known as “pig butchering.”
What Is Pig Butchering?
This type of scam begins with fraudsters building trust by forming romantic or personal connections through dating apps and social media. Once trust is established, victims are tricked into investing money in fake schemes. Victims often lose their savings, while the scammers profit.
Meta highlighted another disturbing aspect of these operations: victims are often forced to work as scammers under threats of physical harm. Many job seekers are lured into these scam hubs by false promises of lucrative jobs posted on local recruitment platforms.
Industry Collaboration to Combat Cybercrime
To tackle these issues, Meta joined forces with companies like Coinbase, Ripple, and Match Group to form the Tech Against Scams coalition earlier this year. Similarly, Google has partnered with organizations like the DNS Research Federation (DNS RF) and the Global Anti-Scam Alliance (GASA) to address online fraud and scams.
These efforts demonstrate a growing commitment by both governments and tech companies to safeguard users from cybercrime and fraud. By targeting phishing kits, shutting down illegal marketplaces, and removing fraudulent accounts, they are making strides in reducing the threat of online scams.