Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception

Google Threat Intelligence Group (GTIG) reports rapid growth in Chinese phishing-as-a-service (PhaaS) operations that target international victims using encrypted messaging (RCS, iMessage), real-time credential and OTP interception via live admin panels, AI-generated phishing pages to evade detection, and digital wallet provisioning to monetize stolen payment data; many platforms also provide full criminal service suites and flaunt their operations publicly.