Shifting Attack Vectors
A growing wave of phishing operations is moving away from traditional SMS messages in favor of encrypted messaging channels like Rich Communication Services (RCS) and Apple iMessage. This strategic shift allows threat actors to bypass carrier-level filters that are increasingly effective at detecting and blocking suspicious links in standard SMS. The use of end-to-end encryption on these platforms makes it significantly harder for network security tools to inspect or intercept the malicious content.
The Google Threat Intelligence Group has analyzed a dozen active phishing-as-a-service platforms operating within the Chinese-language underground. These well-organized services lower the barrier to entry for cybercriminals and represent a distinct ecosystem that rivals long-established Russian-language operations. Threat actors in this space openly discuss their criminal earnings on Telegram and continuously refine their tactics.
Impact and Scope
The goal of these attacks has evolved beyond simple credential theft. Cybercriminals now aim to gain real-time control over victims' financial accounts, enabling them to drain funds, initiate contactless payments, and perform ATM withdrawals remotely. The shift to encrypted messaging channels marks a significant increase in the sophistication of delivery methods, one that complicates detection and prevention efforts.
Despite legal action taken by Google against one provider late last year and ongoing advocacy for stronger legislation, the Chinese-language phishing ecosystem continues to grow. The use of RCS and iMessage demonstrates how threat actors adapt to countermeasures by exploiting legitimate communication protocols that users trust and carriers struggle to monitor effectively.
Source: Cyber Security News

