Lmst

Phishing Kits: An Interactive Deep Dive: https://flare.io/learn/resources/blog/phishing-kits-an-interactive-deepdive/

BlackForce – das Phishing‑Kit, das MFA-Systeme ausspielt

Seit seiner ersten Beobachtung im August 2025 habe sich das Phishing‑Toolkit BlackForce schnell zu einem gefürchteten Werkzeug für Cyberkriminelle entwickelt, berichtet Zscaler ThreatLabz. Das Besondere: Es kombiniere klassischen Credential‑Diebstahl mit Man‑in‑the‑Browser‑Techniken...

Mehr: https://maniabel.work/archiv/796

#PhishingKit #BlackForce #CredentialDiebstahl #MITB #Trojaner #JavaScript #infosec #infosecnews #BeDiS

GhostFrame – Das unsichtbare Phishing‑Kit

Bereits im September 2025 entdeckte Barracuda das Phishing‑Toolkit GhostFrame, das seitdem in über einer Million verdeckten Angriffen eingesetzt worden sein soll. Anders als herkömmliche Phishing‑Methoden verstecke das Kit seine Schadfunktion hinter einer scheinbar harmlosen HTML‑Datei, welche ein verstecktes iframe enthalte.

Mehr: https://maniabel.work/archiv/791

#GhostFrame #Phishing #PhishingKit #html #infosec #infosecnews

Neu auf dem CyberCrime-Markt: SpiderMan-Phishing-Kit

Das neue Phishing‑Kit Spiderman habe die Cyberkriminellen‑Szene erobert, da es selbst technisch wenig versierten Angreifern das Ausspähen von Bank‑ und Krypto‑Konten ermöglicht, berichtet VARONIS. Der Name sei Programm: Wie ein Spinnennetz verknüpfe das Toolkit zahlreiche europäische Banken und Finanzdienste zu einem einzigen Angriffspunkt.

Mehr: https://maniabel.work/archiv/761

#PhishingKit #Phishing #Spiderman #Crypto #infosec #infosecnews #BeDiS

🪝🚨 New ‘Spiderman’ phishing kit makes it trivial to clone major EU bank logins and steal credentials and OTPs in real time. If you get unexpected bank‑login links, double‑check before typing anything.

Read: https://hackread.com/spiderman-phishing-kit-european-banks-credential-theft/

#Phishing #Cybersecurity #BankFraud #Spiderman #PhishingKit

Watch out: The new #Salty2FA phishing kit bypasses MFA and clones real brand login pages, making fake sites look convincing and harder to detect.

Read: https://hackread.com/salty2fa-phishing-kit-bypasses-mfa-clone-login-pages/

#CyberSecurity #Phishing #Scam #CyberCrime #PhishingKit

Anatomy of a Phishing Kit

Phishing is a profitable industry: low cost, low risk, high reward. In fact, there’s more phishing “enabling technology” than there are barriers to entry. The resources that one needs to conduct phishing attacks are easily acquired using search engines or AI agents, are rolled up into “kits”, or are offered as services. In Part 1 of a series, we’ll look at phishing kits.

https://interisle.substack.com/p/anatomy-of-a-phishing-kit

#phishing #phishingkit #cybercrime #fraud

A lot of work has been done here :heart_cyber: :blobcatheart:

https://www.mnemonic.io/resources/blog/exposing-darcula-a-rare-look-behind-the-scenes-of-a-global-phishing-as-a-service-operation/

#smishing
#phishing
#magiccat
#phishingkit
#sms
#rcs
#dracula

We published a blog yesterday about a PhaaS and phishing kit that employs DoH and DNS MX records to dynamically serve personalized phishing content. It also uses adtech infrastructure to bypass email security and sends stolen credentials to various data collection spaces, such as Telegram, Discord, and email. https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/

#dns #doh #mx #adtech #obfuscation #phaas #phishing #phishingkit #threatintel #cybercrime #threatintelligence #cybersecurity #infoblox #infobloxthreatintel #infosec #wordpress #spam #telegram #discord #morphingmeerkat

🎣 Ledger #phishingkit abusing formsubmit.co services as a vector for exfiltrating stolen data.

💡 Note that this email address is fixed in a piece of code, more or less hidden ➡️ backdoored kit.

#Phishing kit detected/analyzed by https://www.StalkPhish.io

🎣 PhishingKit-Yara-Rules project - commit #2️⃣2️⃣3️⃣ - this week detect #phishing kits targeting customers of brands:

📌 Netflix
📌 leboncoin
📌 Eika
📌 CaliforniaEDD
📌 Huntington National Bank

👉 Use these rules for a better detection of #phishing threats targeting your brand, your customers, your users...

👉 Find these rules in our StalkPhish.io #CTI product too! (you always need a new feed)

--
📩 Contact and follow us if you need help fighting #phishingkit, #fraud and #brand impersonation... we have tools, data and knowledge to help!

#phishingkit #freesoftware #frenchtech #stalkphish #cybersecurity #cybermois

🎏 New #PhishingKit #Yara Rules added to our project started in 2019: PhishingKit-Yara-Rules

5️⃣ rules added, 1️⃣ deleted, detecting phishing kits targeting:
✅ Meta
✅ Instagram
✅ Spotify
✅ Chase
✅ Standard Bank Group

👉 Use these rules for a better detection of #phishing threats targeting your brand.

As each week, we added 5️⃣ rules dedicated to detect phishing kits targeting customers of the following companies:

📌 Docusign
📌 GECU
📌 Netflix
📌 GarantiBBVA
📌 Multiple crypto coins wallets

🔗 https://github.com/t4d/PhishingKit-Yara-Rules

🚀 There is more than 7️⃣1️⃣0️⃣ rules now!

#cybersecurity #fraud #phishingkit #yara #frenchtech

📬 LabHost-Phishing-Dienst zerschlagen: Über 30 Festnahmen weltweit
#ITSicherheit #europol #Internetkriminalität #LabHost #OperationNebulae #PhishingasaService #PhishingKit #PhishingSeiten https://sc.tarnkappe.info/d0b959

🔬 5️⃣ new #yara rules added to the PhishingKit-Yara-Rules project

👉 Rules for #phishing kits targeting #customers of:

📌 @DocuSign

📌 @PancakeSwap

📌 @SocieteGenerale

📌 @telekomerleben

📌 @servicepublicfr

🔗 https://github.com/t4d/PhishingKit-Yara-Rules/commit/851f7833c2d73f9c88e90a1e14d4c256d09f838c

#cybersecurity #fraud #phishingkit

🚀 Hey Hey! We've just passed the 600 #phishing kit yara rules available for free on our repository!

💡 Feel free to participate too, it's a #community project that aims to benefit as many people as possible... as in Free and Open Source software

➡️ https://github.com/t4d/PhishingKit-Yara-Rules

#fraud #phishingkit #FLOSS #opensource

💡 Did you know: you can use our 𝐏𝐡𝐢𝐬𝐡𝐢𝐧𝐠𝐊𝐢𝐭-𝐘𝐚𝐫𝐚-𝐑𝐮𝐥𝐞𝐬 project with only 2️⃣ command lines

📌 Install Cisco Thalos ClamAV
📌 Git clone our dedicated repository
📌 Scan your phishing kit collection using clamscan

👇 Look at the picture, see how simple it is:

#phishing #scam #phishingkit #fraud

🔥 5 new PhishingKit Yara rules, dedicated to sorting and detecting phishing kits:

This 1️⃣8️⃣1️⃣st commit, let's detect phishing kit sources impersonating:

✅ DHL
✅ Crédit Agricole CIB
✅ La Poste Groupe
✅ Carrefour
✅ Orange

👉 Free and opensourced rules: https://github.com/t4d/PhishingKit-Yara-Rules

👉 How to use these rules? With ClamAV for example: https://stalkphish.com/2022/01/25/using-phishingkit-yara-rules-with-clamav/

👉 Or you can find these rules in VirusTotal

#Phishing #phishingkit #fraud #SOC #CSIRT #yara #stalkphish #opensource #freeware

➡️ 5 new #yara rules added to the PhishingKit-Yara-Rules project (https://github.com/t4d/PhishingKit-Yara-Rules)

Rules for #phishing kits targeting #customers of:

👉 DHL
👉 Ledger
👉 LinkedIn
👉 ohioCUmortgage
👉 Zendesk

#cybersecurity #fraud #phishingkit #yara

Data theft #phishing kit for French citizens:

Targeting Direction générale des Finances publiques, this #phishingkit target:
👉 bank account access
👉 identity theft
👉 telephone number theft
👉 2FA access

#fraud #simswap #2FA

https://www.linkedin.com/posts/stalkphish_phishingkit-impots-french-citizens-activity-7117173027871547393-FKiu?utm_source=share&utm_medium=member_android

#PhishingKit

Client Info