Phishing-as-a-service (PhaaS) platform Robin Banks has moved its infrastructure to a ‘notorious Russian provider’ that is rarely swayed by ethics or takedown requests, after being expelled from the US CDN provider Cloudflare in July 2022.
Cloudflare originally took action after a report from cybersecurity threat research firm IronNet was published the same month, but new follow-up research asserts that this was not enough to put the service on ice.
Furthermore, IronNet claims that Robin Banks has seen feature updates, such as a “cookie theft tool” that can be used to evade multi-factor authentication (MFA) checks, making the service more dangerous for potential victims.
Moving to Russia
According to the original IronNet report, Robin Banks provided threat actors with an easy and convenient way to attempt to steal sensitive data from businesses, bank customers, and others who hold sensitive data.
Among other techniques, the service can deceive users by serving fake landing pages that imitate legitimate services offered by Google and Microsoft.
After a three-day hiatus, Robin Banks organizers have moved the front-end and back-end infrastructure to DDOS-GUARD, a popular Russian hosting provider known for supporting threat actors and ignoring takedown requests.
The PhaaS platform has also since introduced two-factor authentication for the service, allowing the group's customers to view spoofed information via a central graphical user interface (GUI).
To make matters worse, the new cookie-stealing capability is locked behind an additional subscription, which means the phishing kit's developers will make more money, with no simple way to stop them in their tracks.
According to IronNet, Robin Banks’ phishing suite relies heavily on open source code and tools on the market. Packaged as a service, it significantly lowers the entry barrier for anyone interested in engaging in phishing attacks.
Phishing is one of the most common methods of stealing login information and other targeted data in cases of identity theft.
Via: Hacker News