A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services, targeting mobile devices with email, SMS, and voice phishing. The phishing pages use hCaptcha to prevent automated analysis tools from flagging them, and attempt to give an illusion of credibility by customizing the page in real-time. The one-time password entered by the user is captured and used to sign in to the desired online service.


A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster designed to primarily target mobile devices, Lookout said.

The phishing kit allows the operator to customize the phishing page in real-time and captures the one-time password (OTP) entered by the user, who is then directed to any page of the attacker's choosing.

Image source : hackerNews.com

Despite the URLs and spoofed pages looking similar to what Scattered Spider might create, the phishing kit used by the threat actor groups is significantly different. Fortra revealed that a new phishing-as-service group called LabHost has overtaken its rival Frappo in popularity in 2023, using a real-time campaign management tool named LabRat and an SMS spamming tool dubbed LabSend.

Reference : new phishing kit leverages(thehackernews)

1 Comments

  1. Swami BhattarMarch 2, 2024 at 6:10 AM

    I believe that as digital currencies are going to become more popular, there will be a major problem related to this.

    ReplyDelete

Post a Comment