November 21, 2024 at 12:08PM Microsoft and the Justice Department seized over 240 domains linked to ONNX, a phishing-as-a-service platform targeting thousands of victims globally since 2017. ONNX was the leading provider of phishing kits in 2024, enabling sophisticated attacks that bypassed security measures. Operations ceased after the owner’s identity was revealed. ### Meeting Takeaways … Read more
October 8, 2024 at 04:32PM The Mamba 2FA platform is an emerging phishing-as-a-service (PhaaS) tool, targeting Microsoft 365 accounts through AiTM attacks. It offers a competitive price of $250/month and has evolved to enhance stealthiness and longevity. It specifically targets Microsoft 365 users and offers phishing templates for various services. This platform poses a significant … Read more
October 1, 2024 at 03:45AM Over 140,000 phishing websites linked to Sniper Dz, a phishing-as-a-service platform, have been discovered. It offers free services, drawing in cybercriminals, while also collecting stolen credentials. Aspiring threat actors can easily mount phishing attacks through PhaaS platforms, such as Sniper Dz. The platform operates openly and has been observed targeting … Read more
August 12, 2024 at 08:36AM In 2023, phishing attacks impacted 94% of businesses, a 40% increase from the previous year. The surge is attributed to AI, particularly generative AI, facilitating the creation of malicious content, and PhaaS enabling easy access to skilled attackers. Threat actors now respond more quickly to evolving and planned events, capitalizing … Read more
July 30, 2024 at 10:37AM EvilProxy, a phishing kit known as the “LockBit of phishing,” is being used to launch attacks using legitimate Cloudflare services to disguise malicious traffic. Criminals are offered customer support, videos, and guides to launch campaigns and disguise their activity. Notable threat actors, TA4903 and TA577, have adopted EvilProxy for their … Read more
June 19, 2024 at 01:29PM A phishing-as-a-service operation is targeting financial firms using advanced tactics such as 2FA bypass, QR codes, and typosquatting to compromise Microsoft 365 accounts. The origin of the campaign was traced to a platform called ONNX Store, which operates through Telegram bots. Countermeasures include blocking unverified PDF and HTML attachments, implementing … Read more
June 4, 2024 at 02:56PM Cybercriminals are promoting ‘V3B,’ a new phishing kit on Telegram targeting customers of major financial institutions in multiple European countries. The kit, priced between $130-$450 per month, features advanced obfuscation, localization options, and a live chat for real-time interactions to obtain sensitive information. This indicates a growing trend in cybercrime. … Read more
March 27, 2024 at 06:14PM Summary: ‘Darcula’ is a sophisticated phishing-as-a-service (PhaaS) using 20,000 domains to target Android and iPhone users in over 100 countries. It employs modern techniques like RCS and iMessage to send phishing messages and offers over 200 templates. Cybercriminals are adapting to legislation by embracing alternative protocols but face challenges. Users … Read more
February 27, 2024 at 02:23PM The Phishing as a Service (PhaaS) platform ‘LabHost’ has become a major concern, aiding cybercriminals in targeting North American banks, particularly Canadian institutions. LabHost offers customizable phishing kits, infrastructure, and a real-time phishing management tool for a monthly fee. Their new SMS spamming tool, ‘LabSend,’ further extends their reach in … Read more
January 26, 2024 at 05:48AM Chinese-speaking users have been targeted with malicious Google ads for restricted messaging apps like Telegram in an ongoing malvertising campaign. The threat actor abuses Google advertiser accounts to direct users to pages where they unknowingly download Remote Administration Trojans. Additionally, phishing-as-a-service platform “Greatness” is being used to create legitimate-looking credential … Read more