One of the latest kits downloaded by StalkPhish targets customers of the online bank M&T. It has a special feature that we wanted to share with you. We have already blogged about the use of Telegram by scammers, but this kit presents an interesting new trick. First observations As many, the archive of this kit has
Category: phishing kit
At StalkPhish we like dissecting phishing kits, first because we create YARA rules for detection, secondly because we must continually keep up to date with new developments in terms of phishing kits, finally because we like to pass on knowledge about this type of threat to the general public. The phishing kit we go to
For some months now, we have maintained specific YARA rules to detect phishing kit sources (.zip files). Phishing kit sources are sometimes left on the host serving phishing pages. Using the StalkPhish project (see https://stalkphish.com/products/stalkphish/) we used to collect phishing kits in order to extract e-mail addresses, Telegram channels (see https://stalkphish.com/2020/12/14/how-phishing-kits-use-telegram/), and so on. In order
StalkPhish.io is a SaaS application that provides enriched data about potential phishing URLs or brand impersonation use, with a REST API.
The scammer world should be a hard thug life. A merciless world… with no pity… Some scammers try to steal from other ones! How shameless! During our research we found one of those ‘backdoored’ phishing kits; let’s have a fast dive into it.
Analysis of a Facebook phishing kit which exfiltrates stolen data to an online Google Sheet using the AJAX POST method.
More and more actors use Telegram chat groups to exfiltrate harvested data; we’ll show you how we can collect information about those actors. Let’s have a dive into one of these kits.
An analysis of a phishing kit found with the StalkPhish tool. This phishing kit impersonates a professional Outlook login pattern and exfiltrates credentials to an online portal (FormBuddy)… with no success.