Robin Banks phishing service returns to steal banking accounts
2022-11-04 15:48

The Robin Banks phishing-as-a-service platform is back in action with infrastructure hosted by a Russian internet company that offers protection against distributed denial-of-service attacks.

Robin Banks faced operational disruption in July 2022, when researchers at IronNet exposed the platform as a highly threatening phishing service targeting Citibank, Bank of America, Capital One, Wells Fargo, PNC, U.S. Bank, Santander, Lloyds Bank, and the Commonwealth Bank.

A new report from IronNet warns of the return of Robin Banks and highlights the measures its operators have taken to better hide and protect the platform from researchers.

To get their service back online, Robin Banks' operators turned to DDoS-Guard, a Russian internet services provider with a long history of controversial business exchanges, whose customers have included Hamas, Parler, HKLeaks, and, more recently, Kiwi Farms.

To prevent outsiders from accessing the phishing panel, Robin Banks has now added two-factor authentication for customer accounts.

Robin Banks developers have also implemented the 'Evilginx2' reverse proxy to carry out 'adversary-in-the-middle' attacks and steal cookies containing authentication tokens.


News URL

https://www.bleepingcomputer.com/news/security/robin-banks-phishing-service-returns-to-steal-banking-accounts/