The smishing kit has been used by multiple threat actors.
Chinese cybercrime syndicate Panda Shop is offering an SMS phishing kit that features automated crime-as-a-service delivery, to facilitate the delivery of up to two million malicious text messages at a time.
According to research from Resecurity, the smishing kit has been used by multiple threat actors. It exploits Google RCS and Apple iMessage, as well as SMS gateways, primarily to compromise Google Wallet and Apple Pay, and pilfer credit card and personal information
As reported by Cybernews, further analysis showed Panda Shop to enable the impersonation of numerous organisations worldwide, including internet service providers, delivery firms, and government websites.
Researchers said: “Our investigators suspect the group includes Smishing Triad members, who transitioned their operations under the new brand after being publicly shamed. The kit’s structure and scripting scenarios analysed by Resecurity mimic the same product but include specific improvements and new supported template.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
