A New Era of Phishing: No Skills Needed
In a worrying new trend, the “Haozi” gang — a Chinese-speaking phishing-as-a-service (PhaaS) group — has emerged as a leading player in making cybercrime as easy as clicking a button. According to Netcraft researchers, this operation is reshaping how phishing campaigns are carried out, selling complete phishing kits to amateur attackers through Telegram groups.
What makes Haozi particularly alarming is how it packages its services like a commercial software product. With a cartoon mouse mascot, after-sales support, and a plug-and-play infrastructure, even users with zero technical knowledge can now launch sophisticated phishing campaigns. A flat \$2,000 fee paid in USDT (Tether cryptocurrency) gives the buyer access to ready-to-deploy phishing tools. Haozi even manages installation and provides a centralized control panel for running phishing campaigns and collecting stolen credentials.
Unlike the traditional affiliate models used by other cybercrime groups, Haozi opts for a one-time payment and acts as a broker for additional services such as SMS or email message delivery. This reduces complexity for buyers and expands Haozi's customer base to anyone with money and malicious intent. As of now, the Tether wallet tied to these services has recorded over \$280,000 in transactions. Thousands of phishing hostnames tied to Haozi have been discovered.
Telegram is central to Haozi’s ecosystem, offering different channels for support, tutorials, FAQs, and phishing resource exchanges. Their Telegram group, which initially peaked at 7,000 members, is making a strong comeback with over 1,700 new members since its relaunch in April. Netcraft emphasizes that this robust support system is not an added feature — it’s part of the product itself.
For defenders, this shift presents new challenges. The democratization of phishing through PhaaS means that even small businesses, once considered low-risk, are now prime targets. As advanced intrusion methods get harder to execute due to stronger enterprise defenses, attackers are pivoting to scalable, socially engineered scams powered by tools like Haozi’s.
These services mimic legitimate software-as-a-service (SaaS) businesses, complete with customer support, subscription models, and regular updates — a sign that cybercrime is evolving into a polished, professional enterprise.
What Undercode Say: 🧠
The rise of the Haozi phishing operation marks a significant turning point in the evolution of cybercrime. What we’re witnessing is a blend of consumer-friendly design principles with black-hat objectives, effectively turning phishing into a commercialized industry that operates with the efficiency and support of legitimate SaaS platforms.
From a threat analysis perspective, the implications are enormous. Previously, the effectiveness of phishing campaigns was often limited by the attacker’s technical skill. Haozi removes that barrier entirely. This means a broader range of threat actors — including those with minimal knowledge — can now execute targeted phishing attacks with high success rates.
The use of cryptocurrency also shows a growing sophistication in cybercriminal operations. Tether’s stability and global acceptance make it ideal for transactions that need to evade traditional financial scrutiny. The \$280,000 detected in the associated USDT wallet highlights how lucrative these operations can be — and how many are already engaging in them.
The Telegram-based support ecosystem, complete with guides, customer support, and community interaction, is another alarming feature. It ensures that even complete novices are onboarded quickly, and it builds loyalty through continued support. This also means campaigns can be scaled easily, with a high degree of coordination and knowledge sharing between users.
Interestingly, Haozi doesn’t follow the affiliate model the way DragonForce or Darcula do. By maintaining control and charging a one-time fee, it streamlines the user experience, perhaps even improving customer retention. This is a clever business move, as it shifts the focus from recurring profit sharing to volume-based growth.
This trend should alert defenders and cybersecurity professionals. Traditional defenses like antivirus software or intrusion detection systems are no longer enough. The battlefront has shifted to social engineering and the human layer of security — where education, phishing simulations, and threat awareness training are now paramount.
The emergence of polished PhaaS groups like Haozi represents a larger shift in the cybercrime landscape: from chaotic hacker collectives to organized, customer-centric cybercrime platforms. These groups are no longer anomalies — they are becoming the new standard. And without proactive countermeasures, even the most secure systems could fall victim to well-orchestrated, amateur-led phishing campaigns.
🕵️ Fact Checker Results:
Verified: Haozi is an active PhaaS group with Telegram-based operations.
Verified: They charge a flat \$2,000 in USDT and offer full infrastructure.
Verified: Their service has earned over \$280,000, showing high adoption rates.
🔮 Prediction:
As the Haozi model proves successful, expect to see a surge in copycat PhaaS groups across other regions and languages. The next evolution in cybercrime will likely involve AI-powered phishing personalization, further lowering the barrier for entry while increasing attack success rates. Cybersecurity teams must prepare now, or risk falling behind in this fast-moving threat landscape.
References:
Reported By: www.darkreading.com