Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks
2021-10-23 09:25

Microsoft on Thursday disclosed an "extensive series of credential phishing campaigns" that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated kits, with the goal of siphoning user login information.

Phishing kits, often sold for a one-time payment in underground forums, are packaged archive files containing images, scripts, and HTML pages that enable a threat actor to set up phishing emails and pages, using them as lures to harvest and transmit credentials to an attacker-controlled server.

The TodayZoo phishing campaign is no different in that the sender emails impersonate Microsoft, claiming to be password reset or fax and scanner notifications, to redirect victims to credential harvesting pages.

Where it stands out is the phishing kit itself, which is cobbled together out of chunks of code taken from other kits - "some available for sale through publicly accessible scam sellers or are reused and repackaged by other kit resellers."

Specifically, large parts of the framework appear to have been lifted generously from another kit, known as DanceVida, while imitation and obfuscation-related components significantly overlap with the code from at least five other phishing kits such as Botssoft, FLCFood, Office-RD117, WikiRed, and Zenfo.

"This research further proves that most phishing kits observed or available today are based on a smaller cluster of larger kit 'families,'" Microsoft's analysis read. "While this trend has been observed previously, it continues to be the norm, given how phishing kits we've seen share large amounts of code among themselves."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/F_Qonprj3Po/microsoft-warns-of-todayzoo-phishing.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 681 811 4523 4180 3707 13221