Emerging Chinese Phishing-as-a-Service Ecosystem Targets Global Users

Emerging Chinese Phishing-as-a-Service Ecosystem Targets Global Users

First seen 26 May 2026, 13:37 UTC MandiantTechnaduFeeds2.FeedburnerInfosecurity-Magazinecloud.google.com+1 82% similarity 66.5

Article Content

Browse articles
ThreatCluster

The Chinese-language phishing-as-a-service (PhaaS) ecosystem is rapidly evolving, shifting from static password harvesting to real-time credential interception and tokenization. Google Threat Intelligence Group (GTIG) identified a dozen active PhaaS offerings that exploit encrypted messaging protocols like RCS and iMessage to deliver phishing lures, making detection more challenging. These services primarily target non-Chinese entities, with a focus on the general public rather than large organizations. The operators utilize advanced tactics, including live administration panels to capture one-time passcodes (OTPs) and exploit digital wallets for unauthorized transactions. The proliferation of AI tools enhances their capabilities, allowing for localized phishing content and automated operations. Recent legal actions against specific PhaaS providers indicate ongoing efforts to combat this threat. The landscape poses significant risks to users across various countries, including Japan, the US, and Australia.

Key Points: • Chinese-language PhaaS operations have shifted to real-time credential interception techniques. • Phishing services utilize encrypted messaging platforms like RCS and iMessage to evade detection. • Operators are targeting global users, primarily impersonating non-Chinese organizations.

ThreatCluster AI

Timeline

2025-11-01
Google files lawsuit against PhaaS provider
Google took legal action against a phishing service known as 'Lighthouse' for its role in credential theft.
Infosecurity-Magazine
2026-05-25
GTIG report on Chinese PhaaS released
Google Threat Intelligence Group published findings on at least a dozen active Chinese-language phishing services, highlighting their evolution and tactics.
Mandiant
2026-05-26
Chinese phishing services identified as significant threat
Research indicates that Chinese-language phishing services are expanding rapidly, posing risks to users globally.
Technadu

Community

Browse all →