Phishing-as-a-service (PhaaS) platform Robin Banks has moved its infrastructure to a “famous Russian provider” that has rarely heeded ethics or takedown requests, after US-based CDN provider Cloudflare took action against it in July 2022.
Cloudflare originally took action after a report from the cyber threat research company IronNet, published in the same month, but a new follow-up report confirms that this was not enough to halt the service.
Additionally, IronNet says Robin Banks has seen feature updates, such as “cookie theft” that can be used to evade multi-factor authentication (MFA) checks, intended to make the service even more dangerous for potential victims.
Moving to Russia
According to the original IronNet report, Robin Banks provided cybercriminals with an easy and convenient way to steal sensitive data from companies, bank customers, and others who hold such data.
Among other things, this service may have deceived users by offering fake landing pages for legitimate services offered by Google and Microsoft.
After a three-day outage, Robin Banks' operators moved the front-end and back-end infrastructure to DDOS-GUARD, a popular Russian hosting provider known for supporting cybercriminals and ignoring content takedown requests.
Since then, the PhaaS platform has also introduced two-factor authentication to the service, allowing customers to view phishing information through a central graphical user interface (GUI).
As an added insult, the new cookie-stealing feature is locked behind an additional subscription, meaning even more money goes to the phishing kit makers, with no easy way to stop them.
According to IronNet, the Robin Banks phishing kit relies heavily on open source code and off-the-shelf tools. Packaged as a service, they significantly lower the barrier to entry for anyone interested in phishing attacks.
Phishing, the cybercrime practice of “fishing out” sensitive information via fake emails, landing pages and mobile apps, is one of the most popular methods of stealing login details and other data used in identity theft.
By: Hacker messages