Rising Chinese PhaaS Ecosystem Bypasses Modern Security Controls

GTIG researchers describe a growing Chinese PhaaS ecosystem that democratizes sophisticated phishing: operators use real-time session/token interception and automated OTP capture to bypass MFA, exploit encrypted messaging channels (iMessage/RCS) to distribute convincing lures, leverage AI for large-scale localized page generation, and monetize theft by provisioning stolen card data into mobile wallets; mitigation recommendations include adopting FIDO2/WebAuthn hardware keys and advanced device fingerprinting.