Researchers have found a new Phishing-as-a-Service toolkit, dubbed Frappo, that is being actively distributed on the dark web and Telegram channels.

About the new Frappo toolkit

Discovered by the Resecurity Hunter unit, Frappo, which can enable threat actors to launch a wide range of impersonation attacks, has come under the lens of researchers.
  • The toolkit allows cybercriminals to host and generate high-quality phishing pages that imitate major online banking, e-commerce, and retail services to steal customer data.
  • The cybercrime service was first seen on March 22, 2021, and has been significantly upgraded since then. The last update of the service was registered on May 1.

Impersonating brands to steal

According to researchers, Frappo includes a dashboard to track collected credentials and provide anonymous billing, technical support, and updates.
  • The brands impersonated by the toolkit include Amazon, Uber, Netflix, Bank of Montreal (BMO), Royal Bank of Canada (RBC), CIBC, TD Bank, Desjardins, Wells Fargo, Citizens, Citi, and Bank of America.
  • The deployment of the Frappo service is fully automated. It leverages pre-configured Docker containers to collect compromised credentials.

Points worth noting

While Frappo is one recently discovered phishing toolkit, researchers indicate that phishing attacks overall are hitting a new high as Phishing-as-a-Service methods grow in prevalence every year. In one such incident, thousands of MitM phishing toolkits used to intercept 2FA security codes were discovered in the wild. These toolkits also enabled the attackers to steal authentication cookie files from computers.


Phishing-as-a-Service offerings such as Frappo are successfully used by threat actors for account takeover, business email compromise, and identity data theft. Given the rise in such threats, the protection of digital identity becomes one of the top priorities for online safety.
Cyware Publisher