Chinese-Language PhaaS: Real-Time Interception and Digital Wallet Exploitation

Chinese-language phishing-as-a-service (PhaaS) operators are evolving beyond static password harvesting toward real-time interception and tokenization, bypassing multifactor authentication (MFA) instantly.

Using live admin panels, attackers capture one-time passcodes (OTPs) as victims enter them, then provision stolen payment cards into digital wallets on attacker-controlled devices.

Delivery via encrypted channels like RCS and iMessage evades carrier filters, while AI-powered page generators produce unique phishing sites that defeat signature-based detection.

The ecosystem operates openly on Telegram, selling ancillary services such as PII, domain registration, and money laundering.

The Evolution of Chinese-language Phishing Services

View Original