<div class="block-paragraph_advanced"><p><span style="vertical-align: baseline;">While Russian-speaking threat actors have historically dominated the phishing-as-a-service (PhaaS) landscape, a rival ecosystem is rapidly growing within the Chinese-language underground. Google Threat Intelligence Group (GTIG) analyzed a dozen current PhaaS offerings in the Chinese underground, all of them mature services and many likely tied closely to the broader criminal ecosystem in that region. These services not only lower the barrier to entry for Chinese cyber criminals, but also reveal broader patterns in the evolution of social engineering and credential theft. </span><a href="https://blog.google/company-news/outreach-and-initiatives/public-policy/legal-action-and-legislation-fight-scammers/" rel="noopener" target="_blank"><span style="text-decoration: underline; vertical-align: baseline;">Late last year</span></a><span style="vertical-align: baseline;">, Google took legal action against one PhaaS provider and has since worked to endorse legislation and enact technical safeguards against these types of scams.</span></p> <p><span style="vertical-align: baseline;">Within this ecosystem, GTIG has observed a fundamental move away from static password harvesting towards real-time interception and tokenization. By using live administration panels, attackers can interact with victims in real time to capture one-time passcodes (OTPs), allowing them to bypass multifactor authentication (MFA) instantly.</span></p> <p><span style="vertical-align: baseline;">Instead of simply gaining account access, these operations focus on exploiting digital wallet provisioning to transform stolen payment data into tokenized assets within those ecosystems. This shift—combined with the use of encrypted delivery channels like RCS and iMessage to bypass traditional carrier security filters on SMS messages—represents an emerging development where the goal is no longer just a login, but securing direct, un