2 PhaaS 2 Furious: The Evolution of Chinese-language Phishing Services

GTIG observed a China-based phishing-as-a-service (PhaaS) operator, YY Lai Yu, offering 400+ highly localized Japanese phishing templates and comprehensive operator tooling that harvests payment card data and OTPs. The service leverages anti-bot human verification, encrypted bulk messaging (RCS/iMessage), domain registration automation, BIN-based filtering, and admin controls to scale and evade detection, and the report recommends stronger technical controls (e.g., FIDO2/WebAuthn, risk-based verification) to mitigate impact.