Phishing- As-A-Service

'Robin Banks' a notorious phishing-as-a-service (PhaaS) platform, has relocated its infrastructure to a Russian service platform known to used by cyber criminals and is offering a number of innovative new features to its criminal customers.

The relocation comes after the cloud infrastructure provider Cloudflare disconnected  Robin Banks from its services. The disconnection caused a prolonged outage to operations, according to a report from cyber security company IronNet.

Robin Banks was first reported in July 2022 when the platform's abilities to offer ready-made phishing kits to criminal actors were revealed, making it possible to steal the financial information of customers of popular banks and other online services.

It was also found to prompt users to enter Google and Microsoft credentials on rogue landing pages, suggesting an attempt on part of the malware authors to monetise initial access to corporate networks for post-exploitation activities such as espionage and ransomware. 

Cloudflare's decision to blocklist its infrastructure in the wake of public disclosure has prompted  Robin Banks to move its frontend and backend to DDoS-Guard. "This hosting provider is also notorious in not complying with takedown requests, thus making it more appealing in the eyes of threat actors," said the IronNet researchers.

One of the features introduced is a cookie-stealing functionality which is achieved by reusing code an open source adversary-in-the-middle attack framework employed to steal credentials and session cookies from Google, Yahoo, and Microsoft Outlook even on accounts that have multi-factor authentication enabled.

  • Robin Banks is also said to have incorporated a new security measure that requires its customers to turn on two-factor authentication (2FA) to view the stolen information via the service, or, alternatively, receive the data through a Telegram bot.
  • Another notable feature is its use of ad fraud detection service, to redirect targets of phishing campaigns to rogue websites, while leading scanners and unwanted traffic to benign websites to slip under the radar.

Despite using an open-source tool that other cyber criminals could use themselves, Robin Banks charges customers a premium of $1500 a month on top of the regular $200 monthly fee for use of the cookie-stealing feature.

While there are numerous cyber criminals with the skills to develop their own proprietary hacking tools and malware in addition to maintaining the infrastructure necessary to conduct cyber attacks. The widespread availability of open-source tools hacking is having a commoditising effect, enabling less skilled cyber criminals to go phishing.

Heimdal:      IronNet:      CyberNews:       HotHardware:   tHacker News:    BleepingComputer: 

 IT Security News:      Security Affairs:     Phishing Tackle:

You Might Also Read:

Hackers Breach Multifactor Authentication:

 

« Ransomware Attacks Linked to FIN7
Smartphones Are More Vulnerable Than You Think »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Allianz

Allianz

Allianz Cyber Protect is a comprehensive cyber insurance provided internationally and tailored to your company´s risk profile.

CSIS Security Group

CSIS Security Group

CSIS provide actionable threat intelligence, prevention, incident response and 24/7 managed security services.

SAS Institute

SAS Institute

SAS is a leader in business analytics software and services providing solutions for a wide range of critical business areas including risk management, compliance and fraud prevention.

NetDiligence

NetDiligence

NetDiligence is a privately-held cyber risk assessment and data breach services company.

Sliced Tech

Sliced Tech

Sliced Tech provides enterprise grade managed Cloud services, including Security-as-a-Services, aimed at meeting the needs of commercial and government clients from within Australia.

Inspirria Cloudtech

Inspirria Cloudtech

Inspirria Cloudtech is a specialized Cloud Technologies Services provider and Cloud Aggregator focused on executing cloud models for clients.

CYSEC Academy

CYSEC Academy

CYSEC Academy offer cyber certifications, cyber assurance and cyber defense training, hands-on learning training modules, public, private and bespoke training courses.

Infopulse

Infopulse

Infopulse is a global provider of Software Engineering, Cloud & IT Infrastructure Management, and Cybersecurity services.

Threatspan

Threatspan

Threatspan is a cybersecurity firm helping shipping and maritime enterprises achieve and maintain nautical resilience in an age of increasing cyber threats.

CM Blockchain Security Center

CM Blockchain Security Center

We are dedicated to building a healthier blockchain ecosystem, providing solutions to security technology, and helping those who practice in the area of blockchain to get insight into industry trends.

DataFleets

DataFleets

DataFleets is a privacy-preserving data engine that unifies distributed data for rapid access, agile analytics, and automated compliance.

Protek International

Protek International

Protek International delivers world-class Digital Forensics, eDiscovery, Cyber Security, and related Advisory services.

evolutionQ

evolutionQ

evolutionQ delivers quantum-risk management strategies and robust cybersecurity tools designed to be safe in an era with quantum computing technologies.

Persistent Systems

Persistent Systems

Persistent Systems are a trusted Digital Engineering and Enterprise Modernization partner, combining deep technical expertise and industry experience to help our clients.

Vorlon

Vorlon

Vorlon's agentless patent-pending solution facilitates risk profiling of apps, and provides AI-driven behavioral analytics with response recommendations.

Linx Security

Linx Security

The Linx Identity Security platform enables identity, security, and IT ops teams to finally control the whole identity lifecycle.