More than 42,000 web domains are being leveraged by China-based threat group Fangxiao in a massive impersonation scheme that involved spoofing over 400 well-known financial, banking, travel, retail, pharmaceutical, energy, and transport sector brands in an effort to facilitate infection with the Triada trojan and other malware, according to BleepingComputer. Nearly 300 new brand impersonation domains are being registered by Fangxiao daily, with at least 24,000 landing and survey domains leveraged for fake prize promotions since March, a report from Cyjax found. Visitors of such landing domains are being redirected to a timed survey domain that seeks to avert suspicion of fraud, with some instances resulting in app downloads. The report also revealed that ylliX advertisements on the landing sites, which would prompt another redirection chain that leads to the download of the Triada trojan when clicked. Fangxiao's campaign also redirects to the 'App Booster Lite RAM Booster' app's Play Store page.