Phishing Kits: A Blockbuster in the Underground Market

Every online user is a fish in the vast ocean of cyberspace. And hackers have the perfect tool to catch them in their nets - “phishing kits.”

Recently, a Singapore-based cybersecurity firm, Group-IB, discovered a major boom in the phishing kit trade in the underground market. According to its report, the number of phishing kit ads and their vendors doubled in 2019 as compared to the year before. The skyrocketing price of phishing kits, which increased by 149% last year, also speaks about its burgeoning demand. 

Let’s find out what phishing kits are and why they are the talk of the town!

What are Phishing Kits? 

Phishing kits are essentially packaged as archive files containing a set of scripts that support the operations of a phishing website. Hackers with modest programming skills can also execute small- to large-scale malicious campaigns using phishing kits. 

Typically, phishing kits have a designated email address to which the exfiltrated data is collected and sent. In 2019, an 8% growth was seen in the number of unique email addresses detected in association with phishing kits sold online, as compared to the previous year. The rise in the number of such email addresses is another striking trend that highlights the proliferation of phishing kits across the underground market and its operators.

Some Statistics About Phishing Kits 

After investigating different underground forums, Group-IB’s threat hunting intelligence team came up with the following findings:

  • In 2019, the number of active phishing kit dealers in the underground market has increased by over 120% year-over-year.
  • With the prices fluctuating between $20 and $880 in 2019, the average price of a phishing kit was $304, which was more than double as compared to the year before.
  • In 2018, the phishing kit prices ranged between $10 and $824, while the average price was $122.
  • In 2019, more than 16,200 unique phishing kits were detected.
  • Out of 2.7 million phishing pages that were detected, merely 113,460 contained a phishing kit. The figures show that hackers have become more careful in their malicious activities.
  • Last year, 8% growth was seen in the number of unique email addresses detected in favor of phishing kits.
  • Google, Amazon, Office 365, Instagram, and PayPal were the most commonly found brands in the phishing kits.
  • Last year, Exploit, OGUsers, and Crimenetwork were among the top 3 online markets trading in phishing kits. 

Points to be Noted

Surprisingly, some of the phishing kits are also offered for free. According to researchers, this shows a possibility of backdoors hidden in the phishing kits, which would allow its creators to access all the exfiltrated data in the future. Phishing kits can enable attackers to compromise the personal information of millions of people. To stop this phishing kit trade, researchers recommend that the fight against its creators and vendors should be at the core of the struggle.

If detected, phishing kits can not only help cybersecurity researchers discover phishing pages but also serve as a starting point of an investigation to identify and track down the hackers and eventually the phishing kit creators.