THE article discusses the escalating threat posed by the Chinese Phishing-as-a-Service (PhaaS) ecosystem, which has shifted tactics to bypass modern security controls, particularly targeting mobile users. Analysts identified that these cybercriminals have moved from static password harvesting to real-time session hijacking, undermining multi-factor authentication (MFA). The use of encrypted messaging services enhances their operations, making malicious links undetectable.
Additionally, attackers exploit stolen payment data by enrolling it in digital wallets for long-term access. AI-driven techniques are employed to automate and localize phishing campaigns, complicating detection efforts. Organizations are advised to adopt FIDO2 and WebAuthn hardware keys and implement advanced security measures to mitigate these threats.