A number of phishing kits with security vulnerabilities have been discovered. Security researchers from Akamai came across these faulty utilities, which were possibly used to target financial institutions. The kits were found to be either developed shoddily or relied on outdated open-source code from a GitHub repository. However, the researchers did not find any secondary attacks carried out from these kits.
Victims get hit the most
While other attackers may run off with sensitive data, Cashdollar suggested that victims would suffer the most by these kits. “The real risk and concern in this situation goes to the victims - the server administrators, bloggers, and small business owners whose websites are where phishing kits like these are uploaded. They're getting hit twice and completely unaware of the serious risk these phishing kits represent,” said Cashdollar.