The article discusses the rise of Chinese-language Phishing-as-a-Service (PhaaS) offerings, emphasizing their evolution and unique characteristics compared to Russian counterparts. Key highlights include a shift from static password harvesting to real-time interception of credentials, with a focus on exploiting digital wallets and bypassing multi-factor authentication (MFA).
Providers within this ecosystem operate openly, predominantly using Telegram for advertisements, and offer various related services, including the sale of personally identifiable information (PII). Notable tactics include leveraging Rich Communication Services (RCS) and iMessage for message delivery, and utilizing AI for generating phishing templates. A case study on YY Lai Yu showcases the localization of these services to target international markets, especially Japan. The article concludes with an outlook on the need for enhanced security measures beyond user education to counteract these sophisticated threats.