Xiū gǒu Phishing Kit

The Xiū gǒu phishing kit is a recently uncovered, global phishing toolkit built to deceive and exploit users across many sectors. Its name comes from Mandarin internet slang for "doggo," and it stands out for its polished branding and its evasion techniques, which together make it effective against targets in public services, postal systems, banking, and digital platforms. Since it emerged in September 2024, the kit has been deployed on over 2,000 known malicious websites, mainly affecting users in the UK, US, Spain, Australia, and Japan.

The campaign uses Rich Communication Services (RCS) messaging to deliver shortened malicious URLs, with lures that pose as alerts about government payments, postal fines, and other urgent matters. The links lead to counterfeit sites that closely imitate legitimate institutions such as the UK Government, USPS, and Lloyds Bank. Any personal or financial information a victim enters is exfiltrated through a Telegram bot under the attackers' control. The kit also uses anti-detection measures, including Cloudflare's obfuscation technologies, to hide the malicious nature of the sites and evade conventional security controls, which makes it both potent and hard to detect.
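As an added illustration (not from the original article or the kit itself), a defender-side check for the exfiltration channel described above: a Python sweep over constructed egress-proxy log lines that flags web hosts posting data to the Telegram Bot API and redacts the bot secret before reporting. The log format, hostnames and bot tokens are hypothetical placeholders.

```python
import re
from collections import Counter

# Constructed sample egress-proxy log lines (hypothetical, not from the page):
# "<timestamp> <src_host> <method> <url> <status>"
SAMPLE_LOG = """\
2024-10-03T09:12:41Z web-01 GET https://api.telegram.org/bot0000000000:EXAMPLE-placeholder-token/getMe 200
2024-10-03T09:12:44Z web-01 POST https://api.telegram.org/bot0000000000:EXAMPLE-placeholder-token/sendMessage 200
2024-10-03T09:13:02Z web-01 POST https://api.telegram.org/bot0000000000:EXAMPLE-placeholder-token/sendMessage 200
2024-10-03T09:15:10Z web-02 GET https://www.example.org/index.html 200
2024-10-03T09:16:55Z web-02 POST https://api.telegram.org/bot1111111111:EXAMPLE-other-token/sendDocument 200
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")
# Telegram Bot API URL shape: https://api.telegram.org/bot<id>:<secret>/<method>
TELEGRAM_RE = re.compile(
    r"^https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<api>\w+)"
)
# Bot API methods that push content to the operator's chat; getMe etc. are not exfil.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}


def find_telegram_exfil(log_text):
    """One finding per line that sends data to a Telegram bot from a web host.

    The bot secret is redacted so the finding can go into a ticket; the numeric
    bot id is kept because it is the pivot for correlating hosts on the same bot.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than crash the sweep
        t = TELEGRAM_RE.match(m["url"])
        if not t or t["api"] not in EXFIL_METHODS:
            continue
        findings.append({"ts": m["ts"], "src": m["src"], "api": t["api"],
                         "bot_id": t["bot_id"], "token": f"{t['bot_id']}:***"})
    return findings


def count_by_source(findings):
    """Hosts with the most send* calls are the first to triage."""
    return Counter(f["src"] for f in findings)
```

A legitimate web server has no reason to call the Bot API, so even a single hit from hosting infrastructure is worth a look; on a real proxy, pair this with an alert rather than a batch sweep.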