Chinese-Language Phishing Kits Are Growing More Advanced

KnowBe4 Team | Jun 4, 2026

Google’s Threat Intelligence Group (GTIG) is tracking phishing-as-a-service offerings in the rapidly expanding Chinese cybercriminal ecosystem, noting that at least a dozen of these phishing kits are sophisticated tools that lower the barrier for unskilled criminals to launch advanced attacks.

“Within this ecosystem, GTIG has observed a fundamental move away from static password harvesting towards real-time interception and tokenization,” GTIG explains. “By utilizing live administration panels, attackers can interact with victims in real-time to capture one-time passcodes (OTPs), allowing them to bypass multifactor authentication (MFA) instantly. Instead of simply gaining account access, these operations focus on exploiting digital wallet provisioning to transform stolen payment data into tokenized assets within ecosystems. This shift—combined with the use of encrypted delivery channels like RCS and iMessage to bypass traditional carrier security filters on SMS messages—represents an emerging development where the goal is no longer just a login, but securing direct, unauthorized control over a victim's financial accounts.”

Notably, these phishing kits use RCS and iMessage to target Android and Apple users, increasing the likelihood that the phishing messages will reach their targets.

“Rather than traditional SMS, these Chinese-language PhaaS operators heavily leverage Rich Communication Services (RCS) and Apple’s iMessage,” the researchers write. “Protocols that use end-to-end encryption make it difficult for server-side delivery infrastructure to inspect or filter malicious links, which makes on-device protections critical. Messages also contain more extensive engagement features (including read receipts, typing indicators, group chat functionalities, as well as the ability to send high-resolution images, videos, and larger files). This makes them ideal for social engineering operations, as lures appear remarkably legitimate to the average user.”

GTIG has the story: 2 PhaaS 2 Furious: The Evolution of Chinese-Language Phishing Services

 
