Robin Banks crooks back at the table with fresh phish from Russia

2022-11-08 17:45

Robin Banks, the phishing-as-a-service platform that was kicked off Cloudflare for malicious activity, is back in action with a Russian service provider and new tools to make it easier to bypass security measures.

IronNet's Threat Research unit first wrote about Robin Banks in July, detailing a threat group that was selling phishing kits to cybercriminals who then would use those tools to steal credentials and financial data of people in the US, the UK, Canada, and Australia.

The operators behind Robin Banks have since moved their infrastructure to DDoS-Guard, a Russian service provider known for hosting phishing and other criminal activities, IronNet researchers write in a report this week.

Along with finding a new host, the Robin Banks crew is upping the security of its own platform while offering new tools aimed at getting around cybersecurity like two-factor and multifactor authentication.

To reduce the possibility of someone hacking the platform, Robin Banks now requires 2FA for kit customers who want to view phished information through the group's main GUI. If they don't want to adopt 2FA, the kit buyers can choose to have the phished data sent to a Telegram bot.

Robin Banks operators created a separate private Telegram channel to keep outsiders from snooping on private administrator conversations about the platform.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/11/08/robin_banks_phishing_service/

#bank #phish #russia