Skilled malware writers have found a way for less experienced cyber criminals to do their work for them. A new freeware phishing kit being offered in hacker forums offers cyber criminals a way to set up fake websites and spam emails to capture users’ legitimate login credentials.
However, the malware writers are able to siphon off a significant portion of entered login credentials, leaving only a few for the cyber criminals employing the phishing kit. This allows writers to capture the information without having to do the tedious work of setting up spam campaigns.
The kit appears to have been developed in Algeria and had Arabic-language tutorials but operates in English, according to Imperva, a database security company.
“Unlike previous phishing kits that have been available for years, this new approach lives in the cloud and relies on hackers exploiting other hackers,” according to a blog post by Imperva. “And with the new cloud-based approach the infrastructure for this phishing kit never goes away. Why? In traditional schemes when you take down a server you take down not only the web page but also the back end data collection capability. In this cloud version, data collection is hosted separately from the phishing web sites which means hackers only need to repost the web front end in a new location to be back in business.”