Robin Banks Phishing Service for Cybercriminals Returns with Russian Server

by crpt os


A phishing-as-a-service (PhaaS) platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services.

The switch comes after “Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations,” according to a report from cybersecurity company IronNet.

Robin Banks was first documented in July 2022 when the platform’s abilities to offer ready-made phishing kits to criminal actors were revealed, making it possible to steal the financial information of customers of popular banks and other online services.

It was also found to prompt users to enter Google and Microsoft credentials on rogue landing pages, suggesting an attempt on the part of the malware authors to monetize initial access to corporate networks for post-exploitation activities such as espionage and ransomware.

In recent months, Cloudflare’s decision to blocklist its infrastructure in the wake of public disclosure has prompted the Robin Banks actor to move its frontend and backend to DDoS-Guard, which has in the past hosted the alt-tech social network Parler and the notorious Kiwi Farms.

“This hosting provider is also notorious in not complying with takedown requests, thus making it more appealing in the eyes of threat actors,” the researchers noted.

Chief among the new updates introduced is a cookie-stealing functionality, in what’s seen as an attempt to serve a broader clientele such as advanced persistent threat (APT) groups that are looking to compromise specific enterprise environments. It’s offered for $1,500 per month.

This is achieved by reusing code from evilginx2, an open source adversary-in-the-middle (AiTM) attack framework employed to steal credentials and session cookies from Google, Yahoo, and Microsoft Outlook even on accounts that have multi-factor authentication (MFA) enabled.

Robin Banks is also said to have incorporated a new security measure that requires its customers to turn on two-factor authentication (2FA) to view the stolen information via the service, or, alternatively, receive the data through a Telegram bot.

Another notable feature is its use of Adspect, an ad fraud detection service, to redirect targets of phishing campaigns to rogue websites, while leading scanners and unwanted traffic to benign websites to slip under the radar.

The findings are just the latest in a series of new PhaaS services that have emerged in the threat landscape, including Frappo, EvilProxy, and Caffeine, making cybercrime more accessible to amateur and experienced bad actors alike.

What’s more, the improvements also illustrate the growing need for threat actors to rely on different methods such as AiTM and prompt bombing (aka MFA fatigue) – as recently observed in the case of Uber – to circumvent security measures and gain initial access.

“The infrastructure of the Robin Banks phishing kit relies heavily on open-source code and off-the-shelf tooling, serving as a prime example of the lowering barrier-to-entry to not only conducting phishing attacks, but also to creating a PhaaS platform for others to use,” the researchers said.




