China-based groups selling phishing-as-a-service kits for mobile-points smishing
Threat Actor Meta
Summary
Multiple China-based cybercriminal groups are selling phishing-as-a-service platforms that reuse the same scam infrastructure across mobile points, tax-refund, and fake e-commerce lures, expanding the fraud ecosystem now being aimed at U.S. consumers. The shift matters because it makes the scam supply chain easier to scale, harder to disrupt, and more profitable for operators who can rapidly spin up new storefronts and SMS lures. The same model also increases the chance that victims will hand over payment card data and one-time codes needed to enroll cards in mobile wallets.
Related Happenings
Triad Nexus investment scam and brand impersonation campaign targeting emerging markets
Campaign
First: 14.04.2026 15:00
Last: 14.04.2026 15:00
Sources 1
About this happening:
The **Triad Nexus** campaign is continuing to run **large-scale investment scams** and **brand impersonation**, expanding into **emerging markets** and driving higher fraud losses...
Refund-fraud communities commoditize refund abuse into a service market
Threat Actor Meta
First: 18.03.2026 16:05
Last: 18.03.2026 16:05
Sources 1
About this happening:
Underground fraud communities have **commoditized refund abuse** into a service market, increasing losses for **retailers and payment platforms**. Sellers now package **methods, t...
Record crypto-fraud losses rise with AI-driven impersonation
Target Trend
First: 14.01.2026 12:00
Last: 14.01.2026 12:00
Sources 1
About this happening:
**Cryptocurrency fraud** is surging as scammers use **AI chatbots** and **brand impersonation** to widen victim reach and raise payout sizes. A **Malwarebytes Labs** analysis foun...
Kimwolf and Aisuru linked as a shared botnet operator ecosystem
Threat Actor Meta
First: 09.01.2026 01:23
Last: 09.01.2026 01:23
Sources 1
About this happening:
**Infoblox** says **PBaaS service providers** are helping industrialize **pig butchering** operations by supplying **scam kits**, **stolen identities**, **mobile apps**, **CRM/SCR...
China-based smishing and fake e-commerce phishing campaign
Campaign
First: 05.12.2025 01:02
Last: 05.12.2025 01:02
Sources 1
How related:
Over the past week, thousands of domain names were registered for scam websites that purport to offer T-Mobile customers the opportunity to claim a large number of rewards points.
About this happening:
A **China-based phishing campaign** has escalated into mass-registered scam domains and **SMS lures** for rewards points, tax refunds, and fake retail deals, increasing risk for *...
Timeline
- 05.12.2025 01:02 · 2 articles · 5mo ago
China-based phishing kits expand to mobile-wallet fraud
Initial Disclosure
China-based cybercriminal groups selling phishing-as-a-service platforms are expanding mobile-points smishing toward U.S. consumers, using thousands of T-Mobile-themed domains and similar AT&T lures to push victims toward fake e-commerce storefronts, unclaimed tax-refund pages, and mobile-only phishing sites delivered through iMessage and RCS. The scams seek payment card data and one-time codes that fraudsters use to enroll cards in Apple or Google mobile wallets.
- SMS Phishers Pivot to Points, Taxes, Fake Retailers — krebsonsecurity.com — 05.12.2025 01:02
- SMS Phishers Pivot to Points, Taxes, Fake Retailers — krebsonsecurity.com — 05.12.2025 01:02