
Scam alert! Chinese scam toolkit actively targeting Australia & New Zealand

Researchers uncover DCloud infrastructure used to power more than 230,000 second-level scam domains and real-world fraud operations.

Tue, 30 Jun 2026

Almost a year ago a member of r/Scams on Reddit warned of what they were certain was a physical-world scam campaign operating under an apparent bicycle sharing company, Yuechi Sharing Technology.

The company offered the Reddit user, via messaging platform Telegram, what looked like an “easy remote job” with the firm.

“At first it looked like free money – they gave me some ‘trial’ thing where my account showed US$20 profit. Then immediately they wanted me to use that ‘profit’ to ‘buy a shared bike’ and deposit more to keep going. When I pushed back, they kept dodging my questions, deleted stuff from chat, and tried to pressure me into sending crypto. They also change accounts a lot, like ‘oh my old account got hacked’ lol,” the user warned.

 
 

“I didn’t send them anything but it’s 100 per cent a scam. Total pig-butchering vibe. Posting here so if anyone googles Yuechi Sharing Technology they’ll see this. Don’t fall for it.”

As it turns out, the user was 100 per cent correct, and Yuechi Sharing Technology is still live and offering ‘opportunities’ to victims in Australia, New Zealand, and the United States.

Operations such as Yuechi are just the tip of the iceberg, however, and rely on repeatable scam templates built on a Chinese application framework.

According to researchers at Infoblox Threat Intel, the framework – DCloud Uni-App, or simply DCloud – is the technical foundation behind at least 236,493 unique second-level domains known to represent scam infrastructure.

These range from fake crypto exchanges, such as RainbowEx (which claimed thousands of residents of an Argentinian town as victims in 2024), to WhatsApp phishing networks, multi-language pig-butchering operations, and fake gambling platforms.

Operations like Yuechi have also been observed going to great lengths to establish regulatory legitimacy, even going so far as to warn their users of scams that appear similar to their own day-to-day operations.

Perhaps as alarming as the threat to individuals, Infoblox is warning that scam threats such as these are increasingly crossing the workplace perimeter via personal devices and office networks. The company has to date recorded over five million attempted connections from 985 organisations in 25 industries.

“No single company drove the volume,” Infoblox said.

“It came from many small visits by employees, often after links sent through WhatsApp, Telegram or social media.”

Zach Edwards, Staff Threat Researcher at Infoblox, believes the problem goes far beyond mere consumer fraud.

“When scam traffic reaches work devices and work networks, companies inherit the fallout, from employee losses to possible data exposure and tougher scrutiny from leadership,” Edwards said.

You can read more about Infoblox’s findings here.

Infoblox said there are four practical considerations network defenders should be aware of:

This is consumer fraud with enterprise impact: These scams primarily target employees as consumers rather than corporate networks, making them difficult for traditional enterprise-focused security monitoring to detect due to their low-volume, distributed nature.

Modern awareness training should match the local context: Security awareness programs should expand beyond phishing to cover regionally relevant consumer investment and recruitment scams that spread through trusted social and community networks.

Registration is not endorsement: Government registrations and business filings can be exploited to create a false sense of legitimacy and should never be treated as evidence that an investment opportunity is genuine.

Keep track of the wider scam ecosystem: Law enforcement should increase efforts to identify and disrupt the infrastructure behind DCloud-based scam operations, including shared hosting providers and other common indicators linking related threat actors.


David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.