Morphing Meerkat Phishing Kits Target Over 100 Brands
securityweek
A phishing-as-a-service (PhaaS) platform has been observed generating phishing kits that use DNS mail exchange (MX) records to serve fake login pages spoofing over 100 brands, cybersecurity company Infoblox reports.
The platform, likely operated by a threat actor tracked as Morphing Meerkat, provides users with services such as mass spam delivery, email security system bypass, and obfuscation.
According to Infoblox, the threat actor exploits open redirect vulnerabilities on adtech infrastructure, uses compromised domains to send phishing emails, and distributes stolen credentials via email and chat services.
Phishing kits generated by the PhaaS platform and used in attacks for roughly five years show consistent behavior, indicating that they are the product of a single threat actor, with the observed activity seemingly centralized, mainly around two internet services providers (ISPs): iomart (UK) and HostPapa (US).
Morphing Meerkat’s platform uses compromised WordPress sites to redirect victims, relies on DNS MX records to ...
Copyright of this story solely belongs to securityweek . To see the full text click HERE