Cybercriminals are using phish kits developed by authoring group SpartanWarriorz to target over 300 global brands, new research from Fortra has revealed. Attackers using the kits tend to target financial institutions in North America and Europe, retail, delivery services, and social media platforms.
Distribution Techniques
Like many cybercriminal groups, SpartanWarriorz primarily markets and distributes phishing kits through Telegram, a popular encrypted messaging service. The group’s channel boasts over 5300 subscribers and is managed by two moderators.
On November 21, the SpartanWarriorz Telegram channel was shut down, but the group quickly resumed operations by launching a new channel on the same day. This comes just months after Telegram chief executive and founder Pavel Durov announced a crackdown on illegal content on the site.
To bolster their reputation within the phishing community, SpartanWarriorz frequently gives away free phishing kits. This strategy has contributed to the group’s large subscriber base and usage rates.
Phishing Kits and Services
SpartanWarriorz’s offerings are designed to ensure that even the most inexperienced cybercriminals can launch sophisticated attacks. They have either sold or given away more than 300 phishing kits that include:
- Pre-authored Phishing Lures: Templates or examples of convincing emails, messages, or other bait designed to trick users into visiting phishing sites or engaging with scams.
- Email Spamming Services: Tools to send large volumes of phishing emails using pre-crafted content provided by SpartanWarriorz.
- Access to Web Server Shells: Access to backdoors installed on hacked servers, enabling attackers to carry out further malicious activities, such as hosting phishing pages or distributing malware.
- Antibot Lists: Lists that block specific IP addresses, user agents, and known web crawlers (such as those from security tools or search engines) from accessing the phishing pages. Blocked visitors are redirected to Google.com or shown a fake 404 error page, reducing the risk of detection.
- Enhanced Victim Interaction: Configurations that require victims to sign in twice or complete CAPTCHAs to increase the credibility of fake sites and collect more sensitive data.
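Because of the antibot behaviour in the list above, a security crawler and a real victim can receive different responses from the same URL. The following Python code is an added example, not part of the Fortra research or any kit: it compares paired fetch results and flags URLs where the scanner was sent to Google or given a 404 while a browser received a password form. The probe records, profile names, and `example.test` hosts are constructed for illustration.

```python
from urllib.parse import urlparse

LOGIN = '<form method="post"><input type="password" name="pw"></form>'  # constructed
# Constructed probe results: (url, profile, status, Location header, body).
# "scanner" = crawler user agent; "browser" = ordinary desktop browser.
PROBES = [
    ("https://a.example.test/login", "scanner", 302, "https://www.google.com/", ""),
    ("https://a.example.test/login", "browser", 200, None, LOGIN),
    ("https://b.example.test/secure", "scanner", 404, None, "Not Found"),
    ("https://b.example.test/secure", "browser", 200, None, LOGIN),
    ("https://c.example.test/gone", "scanner", 404, None, "Not Found"),
    ("https://c.example.test/gone", "browser", 404, None, "Not Found"),
    ("https://d.example.test/signin", "scanner", 200, None, LOGIN),
    ("https://d.example.test/signin", "browser", 200, None, LOGIN),
]

def decoy_kind(status, location):
    """Return which decoy a blocked visitor received, or None."""
    if status == 404:
        return "404"
    if status in (301, 302, 303, 307, 308) and location:
        host = (urlparse(location).hostname or "").lower()
        if host == "google.com" or host.endswith(".google.com"):
            return "google-redirect"
    return None

def collects_credentials(status, body):
    """True when the response is a live page containing a password field."""
    return status == 200 and 'type="password"' in body.lower()

def find_cloaked(probes):
    """Map URL -> decoy kind where only the scanner profile was turned away."""
    views = {}
    for url, profile, status, location, body in probes:
        views.setdefault(url, {})[profile] = (status, location, body)
    findings = {}
    for url, seen in views.items():
        if "scanner" not in seen or "browser" not in seen:
            continue  # need both views to compare
        s_status, s_loc, _ = seen["scanner"]
        b_status, _, b_body = seen["browser"]
        kind = decoy_kind(s_status, s_loc)
        if kind and collects_credentials(b_status, b_body):
            findings[url] = kind
    return findings

if __name__ == "__main__":
    for url, kind in find_cloaked(PROBES).items():
        print(f"cloaking suspected: {url} (scanner saw {kind})")
```

A URL that returns 404 to both profiles is treated as simply dead, and a login page served identically to both is not flagged; only the mismatch is the signal.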
The SpartanWarriorz cybercriminal group is a prime example of the democratization of cybercrime. Groups like these allow anyone with access to the internet to launch attacks on some of the world’s largest organizations.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.