Law enforcement officers closed the phishing platform BulletProftLink

Lord777

Malaysian police announced the takedown of BulletProftLink, a large PhaaS platform that had existed since 2015, and the arrest of eight suspects, including the alleged chief administrator of the service.

BulletProftLink (also known as BPL or Anthrax) was launched in 2015 and operated under the Phishing-as-a-Service (PhaaS) model, eventually becoming one of the largest threats of this kind.

BulletProftLink worked like a regular SaaS platform, but it was intended for phishers: for a monthly fee of $2,000, the service provided attackers with hosting for phishing sites, access to phishing kits (collections of phishing pages and templates that mimic the login forms of well-known companies), email templates for attacks, and training manuals.

A comprehensive report on BulletProofLink activity in 2021 was prepared by Microsoft, whose specialists wrote that they identified hundreds of thousands of phishing pages hosted on the platform's infrastructure.

According to more recent data from Intel471 analysts, as of April this year, BulletProofLink had 8,138 registered users (403% more than in the Microsoft report), and the service sold phishing templates for 327 different brands, including Microsoft Office, DHL, the South Korean online platform Naver, American Express, Bank of America, Consumer Credit Union, and Royal Bank of Canada.

In addition, the service recently acquired a reverse proxy server function (based on Evilginx2), which is necessary to intercept certain types of 2FA and gain access to accounts protected by multi-factor authentication.

As now reported by the Malaysian police, in early November, the service was closed with the support of the Australian Federal Police and the FBI, and several of its domains were confiscated.

On November 6, 2023, eight people were arrested in Kuala Lumpur, Sabah, Selangor and Perak, one of whom is considered to be the head and chief administrator of BulletProofLink. The authorities also seized about $213,000 worth of cryptocurrency assets, servers, computers, jewelry, luxury cars, and payment cards. The confiscated servers will now be examined by law enforcement agencies to establish the identities of the platform's users.

Although the Malaysian authorities have not yet revealed the names of the suspects, back in 2020 OSINT Fans cybersecurity researcher Gabor Szathmari investigated BulletProofLink activity and published a series of articles. The expert reported that the administrator of the PhaaS platform is a certain Adrian Bin Katong, known online under the nickname AnthraxBP, who claimed on LinkedIn to be the CEO of the company BPL Hosting.
 