While there are various motivations for various threat actors, most of them are financially motivated. When it comes to cash, phishing becomes the default attack technique. Now, criminals can buy readymade phishing kits for a successful campaign.

Why use phishing kits?

Phishing kits enable non-technical criminals to readily leverage new techniques. These kits contain a set of tools that allow wannabe criminals to build and launch their own phishing campaigns. Research by Help Net Security discovered that these phishing kits are sophisticated and are configured for campaigns that can steal credit card details, personal information, and Social Security numbers. One of the most notable kits included Chase XBALTI that is used to target customers of Amazon and Chase.

Types of phishing kits

While there are various kinds of phishing kits available based on targets and functionality, they can be classified into the following types:
  • Basic kit - contains simple files written in HTML, PHP, and JavaScript. This will transfer victim data to local log files and the attackers have to manually collect it.
  • Dynamic kit - contains specially designed code and logic to exhibit dynamic content to victims. This can take the form of a fake consumer banking login page or displaying company logos based on their email address.
  • Puppeteer kit - especially made for collecting banking information and enabling live interaction between the attacker and target. This kit is used to evade OTP prompts, secret words, and security phone calls.
  • Commercial kit - these are the popular phishing kits that have been commoditized. The authors of these kits license them and even provide online storefronts where buyers can log in, buy, download, and configure phishing kits.
  • Frameworks - these are more like applications instead of archive files, which can be run on makeshift web servers to automatically generate and execute phishing pages.

The bottom line

Phishing kits continue to be developed and disseminated as online sites change their security processes. This pushes kit developers to alter their code to precisely match current designs and user experience. Several researchers suspect that phishing attacks will continue to surge in volume and sophistication and phishing kits will enable even less-skilled attackers to deploy attacks.

Cyware Publisher

Publisher

Cyware