Security News High-End Phishing Kit Automates Attacks on PayPal Accounts

Solarquest

Jul 22, 2014
Security researchers from Proofpoint have come across a sophisticated phishing kit that automates the process of building and deploying high-end phishing pages, and which is extremely efficient at collecting login credentials and user details from PayPal users.

According to researchers, the phishing kit can be used to build multi-stage phishing pages that collect user information in different steps and then log the data in a backend. A walkthrough through all the different phishing steps is available in the gallery below.

....

Proofpoint researchers say the phishing kit is more than dumb HTML, as the attackers are validating data in real-time, as soon as the user submits it.

The phishing kit checks for valid PayPal email addresses, checks to see if the login credentials are real and if the credit card numbers are correct and satisfy the Luhn algorithm.

Most phishing pages don't bother with these checks. In fact, a common trick to detect phishing pages is to enter fake login credentials and see if the phishing page detects the error. This trick would be ineffective as the phishing kit would easily pick up that something was wrong.

Phishing kit comes with a backend panel

Furthermore, this phishing kit stands apart from similar products, as it's one of the rarer phishing tools that comes with a backend GUI.

........

On closer inspection of the phishing kit's backend (fifth screenshot), you can also see an option to enable a "selfie" page, which is something never before seen with phishing kits.

This selfie page uses Flash to connect to the user's webcam and allow the user to take a selfie. This photo of the victim's face can then be used by attackers to validate transactions or bypass biometrics systems.



more in the link above
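
Why the fake-data probe mentioned in the quoted article fails against a form that runs a Luhn check, as an added example that is not part of the original post or of the kit's code. The function names and sample numbers are constructed for illustration; 4111 1111 1111 1111 is the widely published test number, not a real card.

```python
import random

def luhn_valid(number: str) -> bool:
    """True if the card-number string passes the Luhn checksum."""
    s = number.replace(" ", "").replace("-", "")
    if not (s.isascii() and s.isdigit()) or len(s) < 2:
        return False
    total = 0
    # Walk right to left; double every second digit, folding 10..18 to 1..9.
    for i, ch in enumerate(reversed(s)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def random_pass_rate(trials: int = 20000, length: int = 16, seed: int = 1) -> float:
    """Fraction of uniformly random digit strings that pass (about 1 in 10)."""
    rng = random.Random(seed)
    hits = sum(
        luhn_valid("".join(rng.choice("0123456789") for _ in range(length)))
        for _ in range(trials)
    )
    return hits / trials

def every_single_digit_change_fails(number: str) -> bool:
    """Luhn rejects any one-digit substitution in an otherwise valid number."""
    s = number.replace(" ", "")
    return all(
        not luhn_valid(s[:i] + r + s[i + 1:])
        for i in range(len(s))
        for r in "0123456789"
        if r != s[i]
    )

if __name__ == "__main__":
    # Constructed sample inputs: one test number, one mistyped copy, one junk string.
    for sample in ["4111 1111 1111 1111", "4111 1111 1111 1112", "1234 5678 9012 3456"]:
        print(sample, "->", luhn_valid(sample))
    print("random junk accepted:", random_pass_rate())
    print("all single-digit edits rejected:",
          every_single_digit_change_fails("4111 1111 1111 1111"))
```

Roughly nine out of ten made-up card numbers are rejected by this check alone, so a page that refuses junk input is not evidence that the page is legitimate.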
 

Wingman

Feb 6, 2017
This message was noteworthy because phishing landing pages will often accept any credentials thrown at them. This case is different, however: as shown below, deeper examination of the page revealed that the backend code makes a request to PayPal to verify that the account exists on PayPal using a decommissioned service in PayPal that allows one to purchase a gift card from a user.

Administrative backend for the accounts and live verification? They are stepping up the game :)
 