Carder
A cybercriminal group has developed a new set of tools for modifying phishing web pages in real time. In particular, the toolkit can change logos and text, keeping the fake page up to date and creating a complete illusion of a legitimate site.
The toolkit has been named LogoKit and is currently in use in the cybercriminal world. This was reported by researchers from RiskIQ, who have followed the development and distribution of LogoKit closely.
According to the experts, they detected the new tool on more than 300 domains over the past week, and on more than 700 websites over the last month. LogoKit operators are known to send victims phishing links that contain the target's email address.
“As soon as the victim clicks on the link sent, LogoKit will immediately pull up the logo from a third-party service, for example, from the Clearbit or Google favicon database. In addition, the victim's email address is automatically populated into the appropriate field, reinforcing the illusion that the victim has already been to this site,” reads the RiskIQ report. “If the user still enters his password, LogoKit will execute an AJAX request, in which it will send all the credentials to a third-party resource owned by the attackers. After that, the victim is calmly redirected to the legitimate official website.”
LogoKit differs from its peers in that it consists of a set of JavaScript functions that can easily be added to any credential entry form or to complex HTML documents. Other phishing kits, as a rule, rely on templates made to look like pages on legitimate sites.
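A defensive check built on the behaviour described above (phishing links that carry the target's email address), added here as an example and not taken from the RiskIQ report or the original post: it flags a link that embeds the recipient's own address on a host outside the recipient's domain. Looking in the path, query and fragment, and handling percent-encoded and base64 forms, is an assumption that goes beyond what the post states; the function names and sample hosts are hypothetical.

```python
import base64
import re
from urllib.parse import unquote, urlsplit

# Runs that could be standard base64 (first) or base64url / one path segment (second).
B64_RUNS = (re.compile(r"[A-Za-z0-9+/]{8,}={0,2}"),
            re.compile(r"[A-Za-z0-9_-]{8,}={0,2}"))


def decoded_views(text):
    """Yield text as-is, percent-decoded, and with base64-looking runs decoded."""
    plain = unquote(text)
    yield text
    yield plain
    for pattern in B64_RUNS:
        for run in pattern.findall(plain):
            body = run.rstrip("=").replace("-", "+").replace("_", "/")
            try:
                raw = base64.b64decode(body + "=" * (-len(body) % 4))
            except ValueError:  # binascii.Error is a ValueError subclass
                continue
            yield raw.decode("utf-8", errors="ignore")


def embeds_recipient(url, recipient):
    """Return 'path', 'query' or 'fragment' if that part of the URL carries the
    recipient's address and the host is outside the recipient's domain."""
    recipient = recipient.lower()
    domain = recipient.rsplit("@", 1)[1]
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == domain or host.endswith("." + domain):
        return None  # link points into the recipient's own domain
    for name in ("path", "query", "fragment"):
        value = getattr(parts, name)
        if any(recipient in view.lower() for view in decoded_views(value)):
            return name
    return None


if __name__ == "__main__":
    rcpt = "alice@example.test"  # constructed sample data, not real indicators
    token = base64.urlsafe_b64encode(rcpt.encode()).decode()
    for link in ("https://portal.invalid/login#" + rcpt,
                 "https://portal.invalid/s/" + token,
                 "https://news.invalid/story?id=20210128"):
        print(link, "->", embeds_recipient(link, rcpt))
```

Legitimate mail such as unsubscribe links also embeds the recipient's address, so a hit is one scoring signal for a mail filter, not a verdict on its own.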