Researchers at Check Point, a leading provider of cyber-security solutions globally, and cyber intelligence company CyberInt, have discovered a new generation of phishing kit that is readily available on the Dark Web.
Created by a cyber-criminal known as ‘[A]pache’, the kit makes it simple for those with very little technical ability to carry out their own cyber-attack. By simply downloading this multi-functioning phishing kit and following the straightforward installation instructions, a threat actor is able to launch a phishing campaign, that collects the personal and financial information of unsuspecting consumers, very quickly.
Unlike previous kits which are primarily composed of just one or two pages to collect personal or financial data, this new and advanced phishing kit enables hackers to create a convincing fake site. This includes options to create spoof websites of many well-known brands including Walmart, Americanas, Ponto Frio, Casas Bahia, Submarino, Shoptime and Extra.
In order to convincingly persuade their victims that they are shopping at the genuine site they think they are at, online scammers then need a domain that is similar to the targeted brand, for example,www.walmart-shopping.com. To simplify this process, [A]pache has developed a simple user interface within the admin panel where the threat actor can paste the product URL of the legitimate retailer and the kit will automatically import the product information into the phishing page. They can then view their ‘products’ and change their original prices. Once registered, they are ready to deploy the kit to a PHP and MySQL supported web host. They can then log in to the kit’s admin panel and begin configuring their campaign.
Like any shop, the fake phishing site encourages it users to also be competitive, so the kit suggests that the product prices are attractive. This helps to motivate potential ‘customers’ to click on the items and proceed to checkout. Reducing prices too low though would raise suspicions with captivated ‘customers’. In addition, one trick is to list highly valued and desired items first, like smartphones, to entice potential victims.
When customers click through from the threat actor’s email, social media link or any other way in which they could be sending traffic, the site will look exactly like the target site and customers can proceed to checkout with no suspicions raised. At this point ‘customers’ enter their payment and delivery details, including the CVV, which are then sent straight to the threat actor’s database, enabling the cyber criminal to see the victim’s personal and financial information. After the victim has entered their payment details, they are presented with a notification that the payment process has failed. This helps convince them to not be concerned when the purchased ‘product’ does not arrive.
At $100-$300, the cost is higher than more standard phishing kits. Standard kits usually retail at $20-$50, with some even free, as they only provide login pages and prompts for personal and financial information. With the [A]pache phishing kit however, threat actors are provided with a full suite of tools to pull carry out their attack. These include a whole backend interface with which they can create convincing fake retail product pages and manage their entire campaign.
With some reports claiming that 91% of cyberattacks and data breaches begin with a phishing email, phishing remains a constant threat for stealing financial information, intellectual property, and even interfering with elections. For this reason, consumers and businesses alike must ensure they have the latest protections for safe guarding against such threats.
A full copy of the research can be found here: https://blog.checkpoint.com/wp-content/uploads/2018/04/Tracking_Down_Apache_Phishing_Brochure_Final.pdf