Gandalf_The_Grey
Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Apr 24, 2016
- 7,231
The Robin Banks phishing-as-a-service (PhaaS) platform is back in action with infrastructure hosted by a Russian internet company that offers protection against distributed denial-of-service (DDoS) attacks.
Robin Banks faced operational disruption in July 2022, when researchers at IronNet exposed the platform as a highly threatening phishing service targeting Citibank, Bank of America, Capital One, Wells Fargo, PNC, U.S. Bank, Santander, Lloyds Bank, and the Commonwealth Bank.
Cloudflare immediately blacklisted the platform’s frontend and backend, abruptly stopping ongoing phishing campaigns from cybercriminals paying a subscription for using the PhaaS platform.
A new report from IronNet warns of the return of Robin Banks and highlights the measures its operators have taken to better hide and protect the platform from researchers.
Among the new features are bypassing multi-factor authentication (MFA) and a redirector that helps avoid detection.
Robin Banks phishing service returns to steal banking accounts
The Robin Banks phishing-as-a-service (PhaaS) platform is back in action with infrastructure hosted by a Russian internet company that offers protection against distributed denial-of-service (DDoS) attacks.
www.bleepingcomputer.com