Japan Hit by CoGUI Phishing Attacks

9 May 2025 Author: Newsman

Japanese businesses and consumers are facing a surge in phishing attacks using the CoGUI malware. The scammers pose as Amazon, Rakuten, and other popular services. Their goal is to steal credentials and payment information while avoiding detection.

Proofpoint is reporting a surge in phishing attacks in Japan using CoGUI. The tool allows cybercriminals to evade blocking and target users by sending emails impersonating Amazon, Rakuten, and other well-known brands.

Since the beginning of this year, Proofpoint has detected 172 million messages using the malware. However, the actual number could be much higher, as some of the attacks were blocked. Most often, attackers impersonate well-known payment services, transport card companies and even the Japanese tax office.

CoGUI has a unique ability to determine the characteristics of the victim’s device. This includes the IP address, browser type, screen size and operating system language. Based on the information received, attackers make a decision: to redirect the victim to a phishing resource or to the official website.
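The profile-based redirect described above can be surfaced by opening the same link under several client profiles and comparing where each one lands. The sketch below is an added example, not code from Proofpoint or from this article; the `.example` URLs, the profile attribute names and the list of official hosts are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: hosts the analyst accepts as the impersonated brands' real sites.
OFFICIAL_HOSTS = {"www.amazon.co.jp", "www.rakuten.co.jp"}

# Constructed crawl results (not real campaign data): each emailed link opened
# under several client profiles, with the final landing URL recorded.
JP_JA = {"geo": "JP", "lang": "ja-JP", "screen": "390x844"}
JP_EN = {"geo": "JP", "lang": "en-US", "screen": "390x844"}
US_EN = {"geo": "US", "lang": "en-US", "screen": "1920x1080"}
OBSERVATIONS = [
    ("https://mail-link.example/r/1", JP_JA, "https://account-verify.example/signin"),
    ("https://mail-link.example/r/1", JP_EN, "https://www.amazon.co.jp/"),
    ("https://mail-link.example/r/1", US_EN, "https://www.amazon.co.jp/"),
    ("https://shop-news.example/p/7", JP_JA, "https://www.rakuten.co.jp/"),
    ("https://shop-news.example/p/7", US_EN, "https://www.rakuten.co.jp/"),
]


def find_gated_links(observations, official_hosts=OFFICIAL_HOSTS):
    """Report links that send some profiles to an official site and others elsewhere."""
    by_link = defaultdict(list)
    for link, profile, final_url in observations:
        host = (urlsplit(final_url).hostname or "").lower()
        by_link[link].append((profile, host))
    findings = {}
    for link, rows in by_link.items():
        diverted = [(p, h) for p, h in rows if h not in official_hosts]
        benign = [p for p, h in rows if h in official_hosts]
        if not diverted or not benign:
            continue  # every profile got the same class of destination
        # An attribute is a confirmed gate when a benign and a diverted profile
        # differ in that attribute alone; wider differences stay ambiguous.
        gates = set()
        for bad, _ in diverted:
            for good in benign:
                diff = [k for k in bad if bad[k] != good.get(k)]
                if len(diff) == 1:
                    gates.add(diff[0])
        findings[link] = {"diverted_hosts": sorted({h for _, h in diverted}),
                          "confirmed_gates": sorted(gates)}
    return findings


if __name__ == "__main__":
    print(find_gated_links(OBSERVATIONS))
```

A link that lands on the official site for a default crawler profile is therefore not cleared until it has also been opened with a profile matching the targeted region.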

According to research, approximately 50 phishing campaigns are carried out each month, each lasting from 3 to 5 days. The last major attack was recorded in March 2025, when the fraudsters posed as Amazon and demanded that recipients update their credentials.

Phishing was previously less common in Japan because of the language barrier. However, with the development of large language models such as ChatGPT, hackers have been able to easily generate realistic messages in Japanese. This significantly increased the effectiveness of their attacks. As a result, in 2025, Japan was included in the list of countries most frequently subjected to cyberattacks.

The development of phishing attacks in Japan demonstrates a general trend towards the growth of cybercrime using modern technologies. The CoGUI tool is particularly dangerous due to its ability to bypass security systems and tailor attacks to the specifics of individual regions. Cybersecurity experts strongly advise users to be vigilant and use multi-factor authentication.
