16Shop Phishing Gang Goes After PayPal Users

2020-01-21 22:07

According to researchers at the ZeroFOX Alpha Team, the latest version of the group's phishing kit is designed with a number of features that are aimed to steal as much personally identifiable information as possible from users of the popular money-transfer service, including login credentials, geolocation, email address, credit-card information, phone number and more.

The researchers were able to intercept traffic between the kit and the C2 server, and gain access to the server panel that 16Shop rents to users.

"The 16Shop kit panel is professionally done, with reactive elements and data updating in real time. Whether its login credentials collected, emails collected, credit cards, bots or clicks, kit operators are able to see the success of their operation in a quick and efficient manner."

Antibot has an API endpoint where 16Shop operators can load an API key into the kit, and the kit will send the visitor's User-Agent out to antibot to see if a visitor is a "Bot or not." Antibot also offers services for link shortening, link clickthrough and tracking, as well as Bank Identification Number checking.

A kit author could purchase only an Amazon kit, and then see a new PayPal kit with great antibot features, so it incurs a 'fear of missing out' and causes the operator to purchase the new package," the researchers said.

News URL

https://threatpost.com/16shop-phishing-gang-paypal-users/152064/

#paypal #phishing

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Paypal		19	3	20	0	1	24