- FBI dismantled Chinese PhaaS “Outsider Enterprise” and seized servers, $100k USDT and Telegram bot
- The service ran ~9,000 fake websites, 1M+ URLs, stole 3.8M credit cards and caused $1.9B in losses
- Google files civil suit, says crooks blasted 2.5 million fraudulent texts in two weeks targeting Android users
FB) has dismantled a major Chinese phishing-as-a-service (PhaaS) operation called Outsider Enterprise.
In a statement, the law enforcement agency said it seized several management servers, a Shopify e-commerce store and an account that the attackers used to test PhaaS, mostly SMS-based lures.
The FBI also seized about $100,000 in USDT cryptocurrency, redirected thousands of phishing pages to an FBI advertising site, and seized a Telegram bot used to store the stolen information.
Google is suing
Phishing-as-a-Service is a model where threat actors rent a kit that allows them to easily create fake login pages that spoof big brands, send bulk spam emails and text messages, and exfiltrate stolen files.
The FBI says this particular PhaaS was very popular in the cybercriminal community. It was active for about three years, was used to generate about 9,000 fake websites, as well as at least one million fraudulent URLs. Hackers used this PhaaS to steal more than 3.8 million credit card records, resulting in about $1.9 billion in losses.
This campaign was also followed by lawsuits from Google. The search engine giant filed a civil lawsuit against PhaaS’s infrastructure and is working with major telecommunications providers to block fraudulent messages before they reach their targets.
“Our civil lawsuit targets an organized cybercrime known as ‘Outsider Enterprise.’ Based in China and coordinated through Telegram, this network distributes ‘phishing kits’ that allow criminals to blast out fake text campaigns that appear to be from Google and other trusted brands,” Google said.
Google claims that in just two weeks, crooks sent around 2.5 million fraudulent SMS messages to targets using Android devices. Users marked only 55,000 of them as fraudulent.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
