Zerofox: Cybercrime is expanding the already prolific 16Shop phishing campaign. It runs similarly to software-as-a-service (SaaS) products and is targeting PayPal, Apple, Amazon and other platforms
Dubbed 16Shop, it is a prolific cybercrime phishing and data-stealing campaign that has expanded its operation with new attacks targeting PayPal accounts, in addition to Apple, Amazon and other platforms. It was discovered by Zerofox cyber security experts. Phishing kit services run similarly to software-as-a-service (SaaS) products. Users can purchase these kits and are given a license to distribute them for a cost. They are also provided with installation and teardown instructions, updates at no additional cost, and access to portals to purchase more kits. Some distribution networks even have live support channels, social media pages and email addresses. 16Shop has been publicly attributed to a group called Indonesian Cyber Army, and specifically, one of the authors, DevilScreaM, has his moniker plastered over the kit code and distribution network.
The cyber security experts: The goal is credential theft, using a false sense of urgency as leverage
According to the cyber security experts, the cybercrime actors behind the phishing kit-as-a-service store claim that the false domains they run have attracted over 23 million visits from users who have been duped into clicking through malicious links in spam emails. Like many other phishing campaigns, these attempt to trick the victim into clicking malicious links through a false sense of urgency. As ZDNet reports, one technique commonly used in the 16Shop messages, previously detailed by researchers at McAfee Labs, is for the attackers to claim someone has accessed the target’s account. The victim is then directed to a fake version of a login page for that account and asked to enter their user name and password. By doing this, the victim hands the details straight to the attacker, who can use this information for theft, fraud and other malicious purposes.