#PhishingKit – Xynik

This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps

July 26, 2024 by Xynik

July 26, 2024 at 09:36AM The GXC Team, a Spanish-speaking cybercrime group, has bundled phishing kits with malicious Android apps, creating a sophisticated phishing-as-a-service platform. They target users of Spanish banks and institutions worldwide, using smishing and social engineering techniques. The threat also involves AI-infused voice calling tools, AI-powered voice cloning, and adversaries-in-the-middle capabilities in … Read more

New phishing toolkit uses PWAs to steal login credentials

June 12, 2024 by Xynik

June 12, 2024 at 01:41PM A new phishing kit has been released enabling creation of deceptive corporate login forms using Progressive Web Apps (PWAs). PWAs are web-based apps that imitate desktop applications and can display fake address bars to make phishing forms look convincing. Security researcher mr.d0x has released templates for this technique, potentially enabling … Read more

New V3B phishing kit targets customers of 54 European banks

June 4, 2024 by Xynik

June 4, 2024 at 02:56PM Cybercriminals are promoting ‘V3B,’ a new phishing kit on Telegram targeting customers of major financial institutions in multiple European countries. The kit, priced between $130-$450 per month, features advanced obfuscation, localization options, and a live chat for real-time interactions to obtain sensitive information. This indicates a growing trend in cybercrime. … Read more

In Other News: Airline Privacy Review, SEC’s SolarWinds Hack Probe, Apple MFA Bombing

March 29, 2024 by Xynik

March 29, 2024 at 10:36AM Summary: SecurityWeek’s roundup compiles this week’s cybersecurity stories, including US airlines facing privacy reviews, HHS cyberattack investigation, analysis of phishing kits like Tycoon and Darcula, MFA bombing attacks on Apple users, continued investigation into Chinese hacking of Finland’s parliament, and revelations about abandoned WordPress plugins. Other topics include the SEC’s … Read more

‘Darcula’ Phishing-as-a-Service Operation Bleeds Victims Worldwide

March 27, 2024 by Xynik

March 27, 2024 at 08:56AM A widespread and affordable phishing kit includes numerous templates aimed at Kuwait Post, Etisalat, Jordan Post, Saudi Post, Australia Post, Singapore Post, and postal services in South Africa, Nigeria, Morocco, and other countries. Based on the meeting notes, it seems that there is a widespread and cost-effective phishing kit that … Read more

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

March 27, 2024 by Xynik

March 27, 2024 at 04:09AM A new phishing campaign discovered by Trustwave SpiderLabs involves a novel loader malware delivering Agent Tesla via a deceptive bank payment notification email. The malware evades detection and antivirus defenses, retrieves its payload using unique URLs, and exfiltrates data via legitimate email accounts. This tactic poses challenges for detection and … Read more

Hackers target FCC, crypto firms in advanced Okta phishing attacks

March 2, 2024 by Xynik

March 2, 2024 at 11:35AM The new phishing kit CryptoChameleon targets FCC employees and cryptocurrency platforms like Binance and Coinbase. It employs complex phishing methods, including email, SMS, and voice phishing to obtain sensitive information. Attackers use closely resembling domains and well-designed phishing pages to deceive victims and may redirect them to genuine platforms or … Read more

CryptoChameleon Attackers Target Apple, Okta Users With Tech Support Gambit

March 1, 2024 by Xynik

March 1, 2024 at 01:49PM CryptoChameleon phishing kit is targeting cryptocurrency platforms, government agencies, and single sign-on users. Victims primarily use Apple iOS and Google Android devices. The attacks yield sensitive data beyond usernames and passwords. The sophisticated tactics include personalized outreach and convincing duplication of legitimate pages. Experts advise stronger forms of authentication and … Read more

New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users

March 1, 2024 by Xynik

March 1, 2024 at 08:48AM A novel phishing kit targets mobile devices by impersonating login pages of cryptocurrency services. The kit tricks victims into sharing credentials, password reset URLs, and even photo IDs via email, SMS, and voice phishing. The attacks have successfully targeted over 100 victims, employing CAPTCHA tests and customization to appear credible. … Read more