A new version of the 16Shop phishing kit has been observed in the wild, with more than 200 URLs loading login aimed at collecting login information from Amazon customers.
16Shop is a sophisticated commercial product that features protection against unlicensed use and against research attempts. It can also adapt the phishing templates to the type of device they load on.
Researchers at McAfee noticed in May 2019 a new strain of the tool that focused on Amazon users, as revealed by the PHP code for 16Shop.
In a blog post today, Oliver Devane and Rafael Pena surmise that phishing is likely the method used to lure victims into loading the fake login pages.