Recherche : [PhaaS] - Cyberveille

PhaaS actor uses DoH and DNS MX to dynamically distribute phishing https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/

03/04/2025 09:29:20

Large-scale phishing attacks use DoH and DNS MX records to dynamically serve fake login pages

Lucid https://catalyst.prodaft.com/public/report/lucid/overview

27/03/2025 10:21:25

Lucid is a sophisticated Phishing-as-a-Service (PhaaS) platform operated by Chinese-speaking threat actors, targeting 169 entities across 88 countries globally. With 129 active instances and 1000+ registered domains, Lucid ranks among prominent PhaaS platforms, alongside Darcula and Lighthouse.
Its scalable, subscription-based model enables cybercriminals to conduct large-scale phishing campaigns to harvest credit card details for financial fraud. The platform employs an automated attack delivery mechanism, deploying customizable phishing websites distributed primarily through SMS-based lures. To enhance effectiveness, Lucid leverages Apple iMessage and Android’s RCS technology, bypassing traditional SMS spam filters and significantly increasing delivery and success rates.
Lucid incorporates advanced anti-detection and evasion techniques, such as IP blocking and user-agent filtering, to prolong the lifespan of its phishing sites. Additionally, it features a built-in card generator, enabling threat actors to validate and exploit stolen payment data efficiently. Given its advanced infrastructure and persistent activity, Lucid poses a significant and ongoing cyber threat. Its operations underscore the growing reliance on PhaaS platforms to facilitate payment fraud and financial cybercrime, necessitating heightened vigilance and proactive mitigation efforts.

Mamba 2FA: A new contender in the AiTM phishing ecosystem - Sekoia.io Blog https://blog.sekoia.io/mamba-2fa-a-new-contender-in-the-aitm-phishing-ecosystem/

07/10/2024 16:38:39

Discover Mamba 2FA, a previously unknown adversary-in-the-middle (AiTM) phishing kit and sold as phishing-as-a-service (PhaaS).

The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider | Trend Micro (US) https://www.trendmicro.com/en_us/research/24/d/labhost-takedown.html?ref=news.risky.biz

19/04/2024 07:10:16

On Thursday, April 18, 2024, the UK’s Metropolitan Police Service, along with fellow UK and international law enforcement, as well as several trusted private industry partners, conducted an operation that succeeded in taking down the Phishing-as-a-Service (PhaaS) provider LabHost. This move was also timed to coincide with a number of key arrests related to this operation. In this entry, we will briefly explain what LabHost was, how it affected its victims, and the impact of this law enforcement operation — including the assistance provided by Trend Micro.

Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit https://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit/

26/03/2024 09:09:23

Tycoon 2FA has become one of the most widespread adversary-in-The-Middle (AiTM) phishing kits over the last few months.

Interpol takes down 16shop phishing-as-a-service platform https://www.bleepingcomputer.com/news/security/interpol-takes-down-16shop-phishing-as-a-service-platform/

10/08/2023 10:02:02

A joint operation between Interpol and cybersecurity firms has led to an arrest and shutdown of the notorious 16shop phishing-as-a-service (PhaaS) platform.

Liens par page

Filtres