LogoKit update: The phishing kit leveraging open redirect vulnerabilities

2022-08-09 12:24

Resecurity identified threat actors leveraging open redirect vulnerabilities in online services and apps to bypass spam filters to ultimately deliver phishing content.

The spike of LogoKit was been identified around the beginning of August, when multiple new domain names impersonating popular services had been registered and leveraged together with open redirects.

While LogoKit is known for a while in the underground, at least since 2015, the cybercrime group behind it is constantly leveraging new tactics.

Around November 2021, there were over 700 identified domains names used in campaigns leveraging LogoKit - their number is constantly growing.

LogoKit relies on sending users phishing links that contain their email addresses.

The use of open redirect vulnerabilities significantly facilitates LogoKit distribution, as many online-services don't treat such bugs as critical, and in some cases - don't even patch, leaving the open door for such abuse.

News URL

https://www.helpnetsecurity.com/2022/08/09/logokit-open-redirect-vulnerabilities/

#phishing #vulnerabilities