New version of 16Shop phishing kit targets Amazon account holders

• Researchers noted that over 200 Malicious URLs were used by the threat actors to serve this phishing kit.
• This campaign also targets Amazon users via malicious emails and PDF files that redirect users to malicious websites asking for their login information.

Researchers from McAfee uncovered a new version of the 16Shop phishing kit that targets Amazon account holders with over 200 URLs loading login in order to steal login information.

What is 16Shop?

16Shop is a commercial product that provides protection against unlicensed use and research attempts. It can also adapt the phishing templates to the type of device they load on.

A previous variant of 16Shop phishing kit targeted Apple users via malicious emails and PDF files since November 2018. It redirected users to a page asking for Apple account data, including payment card details.

The big picture

McAfee researchers observed the new variant targeting Amazon users since May 2019. Researchers noted that over 200 Malicious URLs were used by the threat actors to serve this phishing kit.

• Similar to the Apple campaign, this Amazon campaign also targeted users via malicious emails that include PDF files.
• The malicious emails state that someone is logging in and making unauthorized changes and asks the users to review the changes by clicking on the links.
• Upon clicking on the links, users are redirected to malicious websites that ask for their login information.

“The group responsible for 16shop kit continues to develop and evolve the kit to target a larger audience. To protect themselves, users need to be extremely vigilant when receiving unsolicited email and messages,” the researchers wrote.

Key takeaway

In case, if you receive emails regarding account changes on Amazon, it is best to check any account changes in the official Amazon website rather than following the suspicious links.