StalkPhish – phishing and brand impersonation detection
StalkPhish – phishing and brand impersonation detection
Since some months now, we maintain specific Yara rules to detect phishing kit sources (.zip files). Phishing kits sources are sometimes left on the host serving phishing pages. Using the StalkPhish project (see https://stalkphish.com/products/stalkphish/) we used to collect phishing kits in order to extract e-mails addresses, Telegram channels (see https://stalkphish.com/2020/12/14/how-phishing-kits-use-telegram/), and so on. In order
StalkPhish.io is a SaaS application which provides enriched data about potential phishing URL or brand impersonation use, with a REST API.
Scammer world should be a hard thug life. A merciless world… with no pity… Some scammers try to steal other ones! What a shameless! During our researches we found one of those ‘backdoored’ phishing kit, let’s have a fast dive into it.
Analysis of a Facebook phishing kit which exfiltrate stolen data to an online Google Sheet using ajax POST method.
More and more actors uses Telegram chat groups to exfiltrate harvested data, we’ll show you how we can collect informations about those actors. Let’s have a dive into one of this kits.
An analysis of a phishing kit found with StalkPhish tool. This phishing kit impersonating a professional Outlook login pattern and exfiltrate credentials on an online portal (FormBuddy)… with no success.
