Cloudflare cut off this phishing-as-a-service platform, so it moved to Russia

By Scott Marlette Last updated Nov 7, 2022

Phishing-as-a-service (PhaaS) platform Robin Banks has relocated its infrastructure to a “notorious Russian provider” rarely swayed by ethics or takedown requests, after being booted from the US-based CDN provider (opens in new tab) Cloudflare in July 2022.

Cloudflare originally took action following a report (opens in new tab) from cybersecurity threat research company IronNet published in the same month, but new follow-up research (opens in new tab) confirms that this wasn’t enough to put the service on ice.

Furthermore, IronNet claims that Robin Banks has seen feature updates, such as a “cookie stealer” that can be used to evade multi-factor authentication (MFA) checks that hope to make the service even more dangerous to potential victims.

Moving to Russia

According to IronNet’s original reporting, IronNet provided threat actors with an easy and convenient way to try and steal sensitive data from businesses, bank customers and others keeping sensitive data.

Among other techniques, the service could fooled users by offered fake landing pages for legitimate services offered by Google and Microsoft.

Following a three-day long outage, Robin Banks’ organizers relocated its front-end and back-end infrastructure to DDOS-GUARD, a popular Russian hosting provider that’s known for supporting threat actors and ignoring takedown requests.

The PhaaS platform has also since introduced two-factor authentication to the service, allowing kit customers to view phished information via a central graphical user interface (GUI).

Adding insult to injury, the new cookie stealer capability is locked behind a subscription add-on service, meaning that the phishing kit’s developers stand to profit even more, with no simple way of stopping them in their tracks.

According to IronNet, the Robin Banks phishing kit relies heavily on open-source code and tools found off-the-shelf. Packaged as a service, they significantly lower the barrier to entry for anyone interested in engaging in phishing attacks.

Phishing, a cybercrime practice in which hackers look to “fish” sensitive information via fake emails, landing pages, and mobile applications, is one of the most popular methods for stealing login and other data targeted in cases of identity theft.

Via: The Hacker News (opens in new tab)

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.