Sometimes phishing campaigns are not conduced with phishing kits only, actors behind those phishing campaigns can use different tricks to prevent their work being takedown, as using protected web redirectors. A campaign we can see this days use this redirector trick on several domain names. This campaign target DHL customers, impersonating the delivery company. A
Since some months now, we maintain specific Yara rules to detect phishing kit sources (.zip files). Phishing kits sources are sometimes left on the host serving phishing pages. Using the StalkPhish project (see https://stalkphish.com/products/stalkphish/) we used to collect phishing kits in order to extract e-mails addresses, Telegram channels (see https://stalkphish.com/2020/12/14/how-phishing-kits-use-telegram/), and so on. In order
StalkPhish.io is a SaaS application which provides enriched data about potential phishing URL or brand impersonation use, with a REST API.
Scammer world should be a hard thug life. A merciless world… with no pity… Some scammers try to steal other ones! What a shameless! During our researches we found one of those ‘backdoored’ phishing kit, let’s have a fast dive into it.
Analysis of a Facebook phishing kit which exfiltrate stolen data to an online Google Sheet using ajax POST method.
More and more actors uses Telegram chat groups to exfiltrate harvested data, we’ll show you how we can collect informations about those actors. Let’s have a dive into one of this kits.
An analysis of a phishing kit found with StalkPhish tool. This phishing kit impersonating a professional Outlook login pattern and exfiltrate credentials on an online portal (FormBuddy)… with no success.