Security News > 2024 > July > This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service offerings to the next level.
The phishing kit is priced anywhere between $150 and $900 a month, whereas the bundle including the phishing kit and Android malware is available on a subscription basis for about $500 per month.
"Unlike typical phishing developers, the GXC Team combined phishing kits together with an SMS OTP stealer malware pivoting a typical phishing attack scenario in a slightly new direction," security researchers Anton Ushakov and Martijn van den Berk said in a Thursday report.
Phishing kits, which also come with adversary-in-the-middle capabilities, have become increasingly popular as they lower the technical barrier to entry for pulling off phishing campaigns at scale.
What's more, such AiTM phishing kits can also be used to break into accounts protected by passkeys on various online platforms by means of what's called an authentication method redaction attack, which takes advantage of the fact that these services still offer a less-secure authentication method as a fallback mechanism even when passkeys have been configured.
The disclosure comes amid a recent surge in phishing campaigns embedding URLs that are already encoded using security tools such as Secure Email Gateways in an attempt to mask phishing links and evade scanning, according to Barracuda Networks and Cofense.
News URL
https://thehackernews.com/2024/07/spanish-hackers-bundle-phishing-kits.html
Related news
- Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification (source)
- Google expands Android AI scam detection to more Pixel devices (source)
- Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Mobsters now overlap with cybercrime gangs and use AI for evil, Europol warns (source)
- Microsoft’s new AI agents take on phishing, patching, alert fatigue (source)
- After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)