- FBI dismantled Chinese “outside company” PhaaS, seizing servers, $100,000 USDT and Telegram bot
- The service ran ~9,000 fake sites, over 1 million URLs, stole 3.8 million credit cards, and caused $1.9 billion in losses.
- Google Filed Civil Lawsuit, Says Criminals Targeted 2.5 Million Fraudulent SMS in Two Weeks Targeting Android Users
FB) has taken down a major Chinese phishing-as-a-service (PhaaS) operation called Outsider Enterprise.
In an announcement, the law enforcement agency said it seized several management servers, a Shopify e-commerce store and an account that the attackers used to test PhaaS, mostly SMS-based honeypots.
The FBI also seized around $100,000 in USDT cryptocurrency, redirected thousands of phishing pages to an FBI advertising site, and seized a Telegram bot that was used to store the stolen information.
Google files a lawsuit
Phishing-as-a-Service is a model where threat actors rent a kit that allows them to easily create fake login pages that impersonate major brands, as well as send mass spam emails and SMS messages, and extract stolen files.
The FBI says that this particular PhaaS was very popular among the cybercriminal community. It was active for approximately three years and was used to generate around 9,000 fake websites as well as at least one million fraudulent URLs. Hackers used this PhaaS to steal more than 3.8 million credit card records, resulting in losses of around $1.9 billion.
This campaign was also followed by legal action by Google. The search engine giant has filed a civil lawsuit against PhaaS infrastructure and is working with major telecommunications providers to block fraudulent messages before they reach their targets.
“Our civil lawsuit targets an organized cybercrime operation known as ‘Outsider Enterprise’. Based in China and coordinated through Telegram, this network distributes “phishing kits” that allow criminals to launch fake text campaigns that appear to be from Google and other trusted brands,” Google said.
Google claims that in just two weeks, criminals sent around 2.5 million fraudulent SMS messages to targets using Android devices. Users flagged only 55,000 of them as fraudulent.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
