March 1, 2024 at 08:48AM
A novel phishing kit targets mobile devices by impersonating login pages of cryptocurrency services. The kit tricks victims into sharing credentials, password reset URLs, and even photo IDs via email, SMS, and voice phishing. The attacks have successfully targeted over 100 victims, employing CAPTCHA tests and customization to appear credible. Additionally, a new phishing-as-service group called LabHost targets financial institutions in Canada with sophisticated tools like LabRat and LabSend for phishing and smishing campaigns.
Based on the meeting notes:
– A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services, primarily targeting mobile devices and using a combination of email, SMS, and voice phishing to trick victims into sharing sensitive information.
– The targets of the phishing kit include employees of the Federal Communications Commission (FCC), Binance, Coinbase, and cryptocurrency users of various platforms such as Binance, Coinbase, Gemini, Kraken, ShakePay, Caleb & Brown, and Trezor.
– The phishing pages use hCaptcha to prevent automated analysis tools from flagging them and are sometimes distributed via unsolicited phone calls and text messages, spoofing a company’s customer support team.
– The phishing kit attempts to give an illusion of credibility by customizing the phishing page in real-time based on the victim’s actual phone number and selecting the required token length.
– LabHost, a new phishing-as-service (PhaaS) group, has targeted financial institutions in Canada with phishing attacks, utilizing a real-time campaign management tool named LabRat and an SMS spamming tool dubbed LabSend.
These are the key takeaways from the meeting notes. If you need further information, feel free to ask!