‘Smishing’ – cybercrime involving sending deceptive SMS text messages – has just been taken to a new and dangerous level by China’s crime syndicates. Cybersecurity company Resecurity has discovered a devastating new smishing kit known as “Panda Shop,” which comes complete with interactive manuals on how to use it.
“The scale of global smishing activity generated by Chinese cybercriminals is impressive. The damages they generate could be estimated at tens to hundreds of millions of dollars for consumers and businesses,” warns Resecurity.
Outside the reach of Western law enforcement
Smishing groups such as Panda Shop and the Smishing Triad, which was first identified in the summer of 2023, continue to grow internationally as they reside in China and regard themselves as beyond the reach of Western law enforcement agencies. Using off-the-shelf, fully supported smishing kits such as Panda Shop, a single threat actor can send up to 2,000,000 smishing messages daily. Resecurity calculates that Smishing Triad and similar groups could easily target up to 60,000,000 victims per month, or 720,000,000 per year, enough to target every person in the US at least twice every year.
Smishing gangs buy compromised Apple and Gmail accounts in bulk to facilitate distribution, and they use strategies similar to those of genuine telemarketing companies to run their attacks. Panda Shop, for example, uses Google RCS and Apple iMessage as its primary delivery channels. The group also provides smishing distribution services via iMessage, Apple’s proprietary messaging service, and Android Rich Communication Services (RCS). RCS is a communication protocol designed to enhance the messaging experience beyond traditional Short Message Service (SMS) and Multimedia Messaging Service (MMS).
Originally developed by the GSM Association and championed by Google, RCS allows users to send high-resolution images, videos, and larger files and to use features like read receipts, typing indicators, and group chat functionalities. RCS operates over both cellular and Wi-Fi networks, making it more versatile than SMS/MMS, which are limited to cellular connections. It can provide a far richer messaging experience similar to popular messaging apps like WhatsApp and iMessage, and is integrated into the default messaging app on Android smartphones.
Smishing is one of the main catalysts behind carding activities, providing cybercriminals with substantial volumes of compromised data collected from victims, enabling them to steal and extort cash from both corporations and individuals.
Panda Shop using Telegram for service delivery
“Panda Shop” uses multiple Telegram channels and interactive bots to automate its service delivery. Chinese cybercriminals are more comfortable using Telegram instant messaging than domestic Chinese instant messaging services such as QQ or WeChat when involved in illegal activity. But while cybercriminal groups can operate freely from geographies such as China and Russia, there is currently little that Western law enforcement can do to curtail their activities.