Specialists in cybersecurity from Riskiq detected a new hacker set of tools for phishing, the main functionality of which is to change the logo and text on the phishing page in real time for instant adaptation for a specific sacrifice.
The Logokit toolkit, according to Riskiq, has long been used by cybercriminals during phishing attacks. It was installed on more than 300 domains for the last week, and more than 700 for the current year. Experts note that the Logokit sends phishing links to users that contain victim email addresses.
"As soon as a person goes on the link, the logokit tool gets the company's logo where it works by loading it from a third-party service. The email address of the user is automatically affixed in the corresponding field, as a result of which the victim thinks that has already been authorized on this site. After the victim enters the password, the logokit executes the AJAX request, sending the received credentials to the external server, after which it immediately redirects the user to the real site of its organization, "say to Riskiq:
Experts note that the logokit tool has a similar functionality due to the embedded set of JavaScript functions, "which can be added to any general form of authorization or in complex HTML documents." Such an approach is significantly different from the standard sets of tools for phishing, most of which require accurate patterns to simulate the page authorization page.
The modularity of the Logokit set allows cybercriminals to hold an attack on almost any company that they want, with minimal time setting costs.
Riskiq reported that during January 2021 it was noted that the logokit tool was used to simulate and create authorization pages for different services, from ordinary corporate sites to well-known web portals (SharePoint, Adobe Document Cloud, Onedrive, Office 365), cryptocurrency stock exchange
"It is important to note that the logokit is a JavaScript file set, so its resources can also be posted on publicly available trusted services - Firebase, Github, Oracle Cloud and others, most of which are listed in white lists of corporate media, so users will not receive any warnings ", - summarized in Riskiq.
More interesting material on cisoclub.ru. Subscribe to us: Facebook | Vk | Twitter | Instagram | Telegram | Zen | Messenger | Icq new | YouTube | Pulse.