Inside Intelligence Center: Financially Motivated Chinese Threat Actor SilkSpecter Targeting Black Friday Shoppers
ID: 5b6b4bf1-7837-5d0b-8b0e-d5bf5c23b576
STIX ID: report--5b6b4bf1-7837-5d0b-8b0e-d5bf5c23b576
Feed Name: EclecticIQ
**Executive Summary:** EclecticIQ uncovered a large-scale, financially motivated phishing campaign dubbed "SilkSpecter". The campaign used fake Black Friday e-commerce sites (often created via the Chinese SaaS oemapps) to collect Cardholder Data (CHD), Sensitive Authentication Data (SAD), PII and phone numbers from shoppers in Europe and the USA. The sites processed payments through Stripe while covertly exfiltrating the captured data to attacker-controlled servers. The campaign employed multilingual pages (Google Translate), trackers (OpenReplay, TikTok Pixel, Meta Pixel) and typosquatted domains across .top/.shop/.store/.vip, and it exposed repeatable IOCs such as the "/homeapi/collect" endpoint, a "trusttollsvg" asset, and specific file hashes and domains.
