Security News > 2022 > November > Robin Banks Phishing Service for Cybercriminals Returns with Russian Server

Robin Banks Phishing Service for Cybercriminals Returns with Russian Server
2022-11-07 07:36

A phishing-as-a-service platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services.

The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations," according to a report from cybersecurity company IronNet.

Robin Banks was first documented in July 2022 when the platform's abilities to offer ready-made phishing kits to criminal actors were revealed, making it possible to steal the financial information of customers of popular banks and other online services.

In recent months, Cloudflare's decision to blocklist its infrastructure in the wake of public disclosure has prompted the Robin Banks actor to move its frontend and backend to DDoS-Guard, which has in the past hosted the alt-tech social network Parler and the notorious Kiwi Farms.

Robin Banks is also said to have incorporated a new security measure that requires its customers to turn on two-factor authentication to view the stolen information via the service, or receive the data through a Telegram bot.

"The infrastructure of the Robin Banks phishing kit relies heavily on open-source code and off-the-shelf tooling, serving as a prime example of the lowering barrier-to-entry to not only conducting phishing attacks, but also to creating a PhaaS platform for others to use," the researchers said.


News URL

https://thehackernews.com/2022/11/robin-banks-phishing-service-for.html