Security News > 2020 > January > 16Shop Phishing Gang Goes After PayPal Users

16Shop Phishing Gang Goes After PayPal Users
2020-01-21 22:07

According to researchers at the ZeroFOX Alpha Team, the latest version of the group's phishing kit is designed with a number of features that are aimed to steal as much personally identifiable information as possible from users of the popular money-transfer service, including login credentials, geolocation, email address, credit-card information, phone number and more.

The researchers were able to intercept traffic between the kit and the C2 server, and gain access to the server panel that 16Shop rents to users.

"The 16Shop kit panel is professionally done, with reactive elements and data updating in real time. Whether its login credentials collected, emails collected, credit cards, bots or clicks, kit operators are able to see the success of their operation in a quick and efficient manner."

Antibot has an API endpoint where 16Shop operators can load an API key into the kit, and the kit will send the visitor's User-Agent out to antibot to see if a visitor is a "Bot or not." Antibot also offers services for link shortening, link clickthrough and tracking, as well as Bank Identification Number checking.

A kit author could purchase only an Amazon kit, and then see a new PayPal kit with great antibot features, so it incurs a 'fear of missing out' and causes the operator to purchase the new package," the researchers said.


News URL

https://threatpost.com/16shop-phishing-gang-paypal-users/152064/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Paypal 19 3 20 0 1 24