Cyber-criminals are nothing if not attuned to finding new customers for their wares, as Check Point and CyberInt found when they came across a next-generation phishing kit for sale on the Dark Web geared toward the neophyte, but discerning, hacker.
A joint investigative venture by Check Point and CyberInt found the [A]pache Next Generation Advanced Phishing Kit on the Dark Web, which the companies described as a fifth-generation level kit. The kit is not necessarily inexpensive, retailing for between US$ 100 (£73) and US$ 300 (£218), compared to the US$ 20 (£15) or US$ 50 (£36) most kits sell for, but for the price [A]pache delivers what the researchers called one of the most advanced phishing kits yet spotted.
“With [A]pache's next-generation phishing kit, however, threat actors are provided with a full suite of tools to carry out their attack. These include an entire back-office interface with which they can create convincing fake retail product pages and manage their campaign,” the report stated. This includes having their own versions of sites including Walmart, Americanas, Ponto Frio, Casas Bahia, Submarino, Shoptime and Extra.
At this point, the product is developed primarily for use in the Brazilian market, but the fact that some American brands are also included means it could be used in the US too.
The kit then lays out the step-by-step process users need to follow to get their phishing scam up and running.
After choosing a retailer to emulate, the customer is shown how to register a domain name to be used, and a payment option for the victims is picked. Next, the malicious actor inserts legitimate product URLs from the site being replicated to help make the fake site appear real. This includes setting prices for the products, and the kit sellers suggest making the prices competitive with what is available in the real world to add an extra layer of authenticity.
“Care needs to be taken here though as reducing prices too low though would raise suspicions with captivated ‘customers’. Finally, the kit owner has to learn how to view the victim's stolen information,” the report states.
The two companies also took a stab at who might be behind [A]pache. The team found the name Douglas Zedn in the Walmart control panel code, along with an image that may or may not be associated with the name. The information is included at the end of the report.