New Morphing Meerkat Phishing Kit Exploits DNS to Spoof 100+ Brands

A recent analysis published by Infoblox reveals a sophisticated phishing operation, dubbed Morphing Meerkat, actively exploiting DNS vulnerabilities for years to conduct highly effective phishing campaigns.

According to researchers, this operation utilizes a phishing-as-a-service (PhaaS) platform, enabling both technical and non-technical cybercriminals to launch targeted attacks.

The platform is equipped with tools to bypass security systems, including the exploitation of open redirects on adtech servers, redirection through compromised WordPress websites, and the use of DNS MX records to identify victim email service providers. Also, they use mass spam delivery and dynamic content tailoring to evade traditional security measures.

“We have discovered a phishing kit that creatively employs DNS mail exchange (MX) records to dynamically serve fake, tailored, login pages, spoofing over 100 brands,” researchers noted in the blog post, shared with Hackread.com ahead of its release.

Regarding the distribution of spam emails, the platform’s primary attack vector ...