Microsoft warns of on-demand phishing gang

The Microsoft security team today released a report on a massive operation that offered phishing services to cybercrime gangs, run from a hosting infrastructure. Researchers at the computer giant link this structure to the Phishing-as-a-Service (PHaaS) model.


The service, which goes by the names BulletProofLink, BulletProftLink and Anthrax, is currently advertised on cybercrime forums. It is considered an evolution of the “phishing kits” that have been around for a few years, which are made up of multiple phishing pages and login layouts imitating well-known companies and services. In addition to these items, the operation detailed in Microsoft’s report also offers hosting and email-sending services integrated into its infrastructure.

What makes BulletProofLink a PHaaS is the fact that members of the team itself do all the work necessary for the scam to occur: creating the fake pages, configuring the address that will redirect to the fraudulent website, sending the messages to victims, collecting the data and, finally, delivering the information to customers.


Image showing the BulletProofLink layout shop. (Image: Reproduction / The Record)

Interested criminals must pay a fee of US$ 422 (about R$ 4.2 thousand at the current price) to use the service. If customers want page layouts not included in the starter package, BulletProofLink also offers a store with other designs for the sites, with prices ranging from US$ 80 up to US$ 300 (R$ 300 and R$ 527, respectively).

High volume of fake pages

Microsoft researchers describe BulletProofLink’s operation as technologically advanced, with criminals often modifying websites’ DNS records so that they generate subdomains, which are used to host the fake pages that steal data from victims.

According to Microsoft, the volume of attacks by this phishing service is so large that, in a single search, they found 300 thousand fake pages hosted on subdomains of trusted websites, directly related to BulletProofLink.
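For a site owner, the DNS changes described above appear as records nobody on the team created. The following is an added example, not code from the article or from Microsoft's report: it audits a zone export against an inventory. The zone contents, host inventory and address range are constructed, and treating wildcard records as suspect is an assumption about one way a single record can yield many subdomains.

```python
import ipaddress

# Constructed sample: export of one zone in "name ttl class type rdata" form.
SAMPLE_ZONE = """\
; constructed records for illustration
@        3600 IN A     203.0.113.10
www      3600 IN A     203.0.113.10
mail     3600 IN A     203.0.113.25
shop     3600 IN CNAME www.example.com.
*        300  IN A     198.51.100.77
login-x1 300  IN A     198.51.100.77
"""

APPROVED_HOSTS = {"@", "www", "mail", "shop"}              # hypothetical inventory
APPROVED_NETS = [ipaddress.ip_network("203.0.113.0/24")]   # hypothetical address space


def audit_zone(zone_text, approved_hosts, approved_nets):
    """Return (name, rtype, rdata, reasons) for every record that needs review."""
    findings = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()        # drop zone-file comments
        if not line or line.startswith("$"):       # skip blanks and $ORIGIN/$TTL
            continue
        fields = line.split()
        if len(fields) < 5:
            continue                               # not in the expected 5-column form
        name, rtype, rdata = fields[0], fields[3].upper(), " ".join(fields[4:])
        reasons = []
        if name.split(".")[0] == "*":
            reasons.append("wildcard: every undefined subdomain resolves")
        elif name not in approved_hosts:
            reasons.append("host not in inventory")
        if rtype in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(rdata)
                if not any(addr in net for net in approved_nets):
                    reasons.append("address outside approved networks")
            except ValueError:
                reasons.append("unparseable address")
        if reasons:
            findings.append((name, rtype, rdata, reasons))
    return findings


if __name__ == "__main__":
    for name, rtype, rdata, reasons in audit_zone(SAMPLE_ZONE, APPROVED_HOSTS, APPROVED_NETS):
        print(f"{name:10} {rtype:6} {rdata:20} {'; '.join(reasons)}")
```

Running the same audit on a schedule and diffing the findings against the previous run shows when a record was added, which helps tie it to a specific login to the DNS provider.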

Microsoft’s report, however, points out that BulletProofLink is stealing from its own clients, keeping copies of all data obtained in the scams and trading them on dark web forums, confirming the old saying that there is no honor among thieves.

Source: The Record, Microsoft
