Phishing Kits Target Over a Million Victims Globally

Researchers from Zscaler ThreatLabz have currently reported that four phishing kits have caused over a million attacks across various countries. These cybercrime tools are designed to efficiently target everyday users.

The kits, named BlackForce, GhostFrame, InboxPrime AI, and Spiderman, are used to steal digital credentials. The Spiderman kit, in particular, has been covered by outlets such as TecMundo earlier this week.

Impact of BlackForce on Major Brands

The BlackForce kit, identified in August 2023, is employed to steal credentials and conduct attacks known as Man-in-the-Browser (MitB). This type of attack compromises the victim's browsers, allowing the interception and manipulation of data between users and legitimate websites.

The BlackForce kit has impersonated over 11 brands, including Disney, Netflix, DHL, and UPS. Researchers highlight that the kit remains under development, with versions 4 and 5 activated recently.

The pages associated with BlackForce use JavaScript files with cache busting hashes, ensuring that the browser downloads the most recent version of the script. The scam redirects the victim to a phishing page where, after entering their password, information is sent to a Telegram bot and a real-time control panel.

GhostFrame and Its Stealthy Approach

The GhostFrame kit, detected in September 2023, uses a simple HTML file containing an iframe to direct users to fraudulent pages with the intent of stealing Google and Microsoft 365 account data.

The scam begins with phishing emails that create a false sense of urgency regarding contracts and invoices. The GhostFrame implements anti-analysis techniques, making it difficult to identify malicious activities.

Key targets include Germany, Austria, Switzerland, and Belgium, with the kit being marketed in chat groups. The multifaceted attack method also incorporates a fallback mechanism to ensure the scam's effectiveness even in the face of blocks.

InboxPrime AI: Evolution of Phishing

The InboxPrime AI represents an evolution of BlackForce, utilizing Artificial Intelligence to automate phishing campaigns. It is marketed on Telegram and costs over R$ 5,000.

Experts from Abnormal emphasize that this tool can simulate human behavior in email sending, using the Gmail interface to bypass security filters. Additionally, the kit generates phishing messages, adapting to access an increasingly vulnerable audience.

Spiderman: Focus on the European Financial Sector

The kit named Spiderman is designed to target banking users in Europe. It provides centralized access for cybercriminals, allowing them to launch phishing campaigns and manage stolen data in real-time.

The control panel includes features like live session monitoring and simplified credential export. Criminals can also capture identity verification methods like PhotoTAN, increasing their chances of success.

Investigations continue to reveal the evolution and impact of these malicious technologies on users' daily lives. For more information on digital security, keep an eye on our updates.