It’s not just mainstream software firms like Adobe and Microsoft that have pivoted to the “as-a-service” model in recent years. We’re now seeing major cybercrime groups charge a monthly subscription for software platforms that can help their users steal money.
Google is suing a major Chinese cybercrime operation, which it said facilitated scams targeting hundreds of thousands of victims, causing losses estimated in the millions.
Roughly 9,000 fake websites and more than 1 million fraudulent URLs are allegedly connected to the group, as well as 55,000 spam texts flagged by Android users in just two weeks in May. The tech giant claims that the group, Outsider Enterprise, distributes phishing kits that enable criminals to run fake text-message campaigns impersonating well-known brands such as Google.
Phishing campaigns created with Outsider’s tools would generally start with an SMS text message directing unsuspecting users to a fake e-commerce website that would harvest their data, including credit card details.
In its court filing, Google said the group’s “phishing-for-dummies” software, named Outsider, made tools that “previously required technical sophistication” readily accessible. Subscriptions started at $88 per week and included almost 300 templates for fake websites designed to deceive customers, a dashboard that allowed criminals to monitor their campaigns, a discussion forum where users could find collaborators and receive support, and keylogging capabilities.
“As a result, a criminal with no programming knowledge can, for example, generate a near-perfect replica of a cellular provider’s website in minutes, coordinate to send ‘bait’ text messages to thousands of targets, and begin harvesting stolen data with little effort,” read the filing.
The group’s pre-made website templates allegedly included replicas of websites belonging to over 100 American organizations, including the New York City government, the District of Columbia Department of Motor Vehicles, the Los Angeles Department of Transportation Parking Violations Bureau, and the United States Postal Service.
The enterprise also allegedly encouraged scammers to use AI platforms like Google’s Gemini to write code to create their own custom phishing websites, even providing video tutorials to show users how to do so.
The filing admits Google is not aware of the real identities of members of Outsider, though it claims to have knowledge of other connected groups.
PCMag and Yahoo may earn commission from links in this article.
Click Here For The Original Source.
