loader gif

Buggy Phishing Kits Allow Criminals to Cannibalize Their Own

Buggy Phishing Kits Allow Criminals to Cannibalize Their Own (Malware and Vulnerabilities)

The vulnerable kits also offer a point of entry to compromise legitimate website servers. Worse, compromised kits can be used as a pivot point to infiltrate legitimate websites that have been compromised to host the kits in the first place. Researchers at Akamai have found holes in the installation stage of some phishing kits that would allow a second attacker to infiltrate and upload additional files, including any sort of executable code – as well as simply take over the operations of the kit. “The kits included basic vulnerabilities due to flimsy construction or reliance on outdated open-source code …and web application vulnerabilities,” wrote Larry Cashdollar, Akamai researcher, in a posting on Wednesday, adding that criminals can scan for and discover vulnerable kits, which are often uploaded to a compromised WordPress or Joomla blog.

loader gif