Criminals allow self-cannibalization using advanced Phishing Kits

January 24, 2020

Scammers still use old methods to conduct phishing scams against their victims. What is threatening is that hackers have come up with a fresh distribution method for internet phishing, in which they cannibalize an already compromised web server using phishing kits that are designed to mirror legitimate websites, such as those maintained by Microsoft, Apple or Google.

A phishing kit is a collection of tools assembled to make it easier for people with little technical skill to launch a phishing exploit. Phishing kits work like a normal website: the user is asked for sensitive information after logging in to a legitimate site, and is then directed to a legitimate website as if no phishing had happened.


During 2018, 482.5 million phishing redirection attempts were detected, compared to 246.2 million attempts detected in 2017. As a result, a total of 18.32 percent of users were attacked by the hackers.


Researchers found this new method of phishing to be very stealthy: the first hacker leaves holes in the installation stage, allowing the next hacker to use those holes to invade, upload additional files and take over the operation of the kit. These stealthy phishing kits are also a perfect entry point for a hacker to gain access to the back end of a legitimate web server.

According to the firm’s research, the main reason behind this problem is the way the kits are constructed. Code-sharing has resulted in many of the phishing kits coming pre-packaged with the same types of file-upload vulnerabilities. The code for the uploader script and the uploader class file does not check for file type, which leaves the kits open to abuse. When a user uploads executable code to the web root, the uploader class file creates the upload path if it doesn’t already exist.
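The checks that the uploader described above leaves out, sketched as an upload handler for a legitimate application. This is an added example, not code from any kit or from the research cited; the function name, the allowlist and the directory layout are assumptions made for illustration.

```python
import os
import secrets
from pathlib import Path

# Assumed allowlist: extension -> leading magic bytes (constructed for this example).
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}


class UploadRejected(Exception):
    """Raised when an upload fails one of the checks."""


def store_upload(filename: str, data: bytes, upload_dir: Path, web_root: Path) -> Path:
    """Hypothetical handler: validate an upload and store it outside the web root."""
    upload_dir, web_root = upload_dir.resolve(), web_root.resolve()
    # Check 1: never store uploads where the web server would serve or execute them.
    if upload_dir == web_root or web_root in upload_dir.parents:
        raise UploadRejected("upload directory is inside the web root")
    # Check 2: do not create the path on demand; it must already be provisioned.
    if not upload_dir.is_dir():
        raise UploadRejected("upload directory does not exist")
    # Check 3: file type by allowlisted extension AND matching content signature.
    ext = os.path.splitext(filename)[1].lower()
    magic = ALLOWED.get(ext)
    if magic is None or not data.startswith(magic):
        raise UploadRejected(f"file type not allowed: {ext or '(none)'}")
    # Check 4: discard the client-supplied name (traversal, double extensions).
    dest = upload_dir / (secrets.token_hex(16) + ext)
    # O_EXCL fails rather than overwriting; mode 0o640 sets no execute bit.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest
```

A signature check only confirms the leading bytes, so the web server should additionally be configured not to execute anything from the upload directory.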

Reusing code is a normal practice in both the legitimate and the cybercrime worlds, where open-source components are adapted so as not to reinvent the wheel when it comes to basic functions. The only difference between the legitimate and cybercrime worlds is how problems are dealt with. In the legitimate domain, as soon as a problem is discovered, it is usually quickly addressed and corrected.

