Chinese cybercrime syndicate Panda Shop has been offering a new SMS phishing kit that features automated crime-as-a-service delivery to facilitate the delivery of up to 2 million malicious text messages daily and overlaps with the Smishing Triad toolkit, reports Cybernews.
Multiple threat actors have been using the Panda Shop smishing kit, which exploits Google RCS and Apple iMessage, as well as SMS gateways, to primarily compromise Google Wallet and Apple Pay and pilfer credit card and personal information, according to Resecurity researchers. Further analysis showed Panda Shop to enable the impersonation of numerous organizations worldwide, including internet service providers, delivery firms, and government websites. "Our investigators suspect the group includes Smishing Triad members who transitioned their operations under the new brand after being publicly shamed. The kit’s structure and scripting scenarios analyzed by Resecurity mimic the same product but include specific improvements and new supported template," said researchers.
Multiple threat actors have been using the Panda Shop smishing kit, which exploits Google RCS and Apple iMessage, as well as SMS gateways, to primarily compromise Google Wallet and Apple Pay and pilfer credit card and personal information, according to Resecurity researchers. Further analysis showed Panda Shop to enable the impersonation of numerous organizations worldwide, including internet service providers, delivery firms, and government websites. "Our investigators suspect the group includes Smishing Triad members who transitioned their operations under the new brand after being publicly shamed. The kit’s structure and scripting scenarios analyzed by Resecurity mimic the same product but include specific improvements and new supported template," said researchers.
