CloudSEK researchers have uncovered a new, sophisticated phishing toolkit dubbed “NakedPages”, which is advertised for sale on multiple cybercrime platforms and Telegram channels.
The toolkit, built on the NodeJS framework, runs JavaScript code and is fully automated, with more than 50 phishing templates and site projects.
“Naked Pages is the phishing tool any serious developer//spammer needs with more features than any other reverse proxy combined or PHP phishing framework combined,” reads an advertisement on a cybercrime forum.
The advertisement also says that software licenses may be provided if the buyer pays $1000 upfront and contributes new ideas to the open-source project on GitHub. Buyers can contact the hacker via a Google Forms page.
According to CloudSEK researchers, the toolkit is built to run on Linux and requires read, write and execute permissions for ‘user’, plus read and execute permissions for both ‘group’ and ‘others’, in order to function smoothly.
Moreover, the toolkit comes with fully integrated, battle-based anti-bot features capable of spotting bots of different types from over 120 countries.
“[NakedPages] would equip malicious actors with the details required to launch sophisticated ransomware attacks,” researchers explained.
CloudSEK has not identified the author behind the new phishing toolkit but believes the seller is a new player on GitHub and the cybercrime platform, as both accounts are less than a month old.
“There have been no concrete samples shared by the threat actor. Repeated attempts for establishing contact were made by our source, but the threat actor hasn’t responded,” CloudSEK stated.
The researchers also advised users who may be affected by NakedPages to monitor accounts and systems for anomalies that could indicate an account breach, and to implement multi-factor authentication (MFA) across all accounts.
Last month, the Resecurity Hunter unit detected a new phishing campaign, dubbed Frappo, disseminated aggressively on the dark web and via Telegram channels.
The phishing campaign allowed scammers to host and design high-quality phishing websites that mimicked popular online banking, e-commerce, and retail services in order to exfiltrate private data from their target customers.
The phishing pages impersonated 20 financial institutions (FIs), online retailers, and popular services – including Amazon, Uber, Netflix, Bank of Montreal (BMO), Royal Bank of Canada (RBC), CIBC, TD Bank, Desjardins, Wells Fargo, Citizens, Citi and Bank of America.