Admin

Over 140,000 Cyber Attacks Targeting User Credentials Fueled by Free Sniper Dz Phishing Tools




Phishing attacks continue to be a major threat in the cybersecurity landscape, with cybercriminals constantly developing new techniques and tools to steal sensitive information. One such tool that has garnered attention in recent times is the phishing-as-a-service (PhaaS) platform called Sniper Dz. This platform has been linked to over 140,000 phishing websites over the past year, indicating its widespread usage among cybercriminals.

The researchers at Palo Alto Networks Unit 42 who investigated Sniper Dz described it as a platform that provides aspiring phishers with an online admin panel and a catalog of phishing pages. Phishers can either host these pages on Sniper Dz-owned infrastructure or download the phishing templates to host on their own servers. What makes this platform particularly appealing is that it offers these services for free.

PhaaS platforms, like Sniper Dz, have become increasingly popular among cybercriminals as they enable even those with little technical expertise to conduct phishing attacks at scale. These platforms are easily accessible through channels on messaging apps like Telegram, where dedicated groups and channels provide all the necessary tools and services for a successful phishing campaign.

One unique aspect of Sniper Dz is its presence on Telegram, with a channel boasting over 7,170 subscribers. This channel serves as a hub for the platform’s users, where they can access updates and tutorials and communicate with the developers and other users. Interestingly, the channel’s administrators recently enabled the auto-delete option for posts, which suggests an attempt to cover up their activities.

To demonstrate their offerings, Sniper Dz provides ready-to-use scam templates for popular online services such as X, Facebook, Instagram, Skype, Yahoo, Netflix, Steam, Snapchat, and PayPal. These templates are available in multiple languages, including English, Arabic, and French. Tutorial videos uploaded to platforms like Vimeo and YouTube further guide users through the process of downloading and setting up these templates.

Sniper Dz offers two options for hosting phishing pages. Phishers can either utilize the platform’s infrastructure to host the pages or download the templates and host them on their own servers. To avoid detection, the platform hides the phishing sites behind a legitimate proxy server, making it more challenging for security measures and users to identify the malicious nature of these pages.

Once the phishing pages are set up and operational, the stolen credentials are exfiltrated to the operators of Sniper Dz. This method, known as double theft, allows not only the phishers but also the platform operators to benefit from the stolen information. The stolen credentials are displayed on an admin panel, which can be accessed by logging into the clearnet site.
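A triage check for the double-theft pattern described above, as an added example that is not code from Unit 42 or the original article: given the HTML of a captured phishing page and the URL it was served from, it lists password forms that post to a different host than the one serving the page. That the credentials leave through a form action, and every hostname in the sample, are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class CredentialFormParser(HTMLParser):
    """Collect [action, has_password_field] for every <form> in a page."""
    def __init__(self):
        super().__init__()
        self.forms = []       # list of [action, has_password]
        self._open = None     # form currently being parsed

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._open = [attrs.get("action") or "", False]
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._open[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def offsite_credential_posts(page_url, html):
    """Return resolved form actions that send a password to another host."""
    parser = CredentialFormParser()
    parser.feed(html)
    page_host = urlsplit(page_url).hostname
    flagged = []
    for action, has_password in parser.forms:
        target = urljoin(page_url, action)  # empty action resolves to the page itself
        if has_password and urlsplit(target).hostname != page_host:
            flagged.append(target)
    return flagged


# Constructed sample: a self-hosted login page with one off-site password form.
SAMPLE_URL = "https://login.example.test/signin/index.html"
SAMPLE_HTML = """
<form action="/search"><input type="text" name="q"></form>
<form method="post" action="https://collector.example.net/save.php">
  <input type="text" name="user"><input type="PASSWORD" name="pass">
</form>
<form method="post" action="check.php"><input type="password" name="p"></form>
"""

print(offsite_credential_posts(SAMPLE_URL, SAMPLE_HTML))
```

A flagged host is a lead for blocklisting and for pivoting to other pages that post to the same collector; pages that exfiltrate through script rather than a form action need a separate check.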

According to the researchers, Sniper Dz saw a surge in phishing activity starting in July 2024, primarily targeting web users in the U.S. The platform is known for its centralized infrastructure, which allows its operators to collect victim credentials stolen by phishers who use its services. This demonstrates the sophistication and scale at which these PhaaS platforms operate.

Phishing attacks are not limited to using PhaaS platforms like Sniper Dz alone. Recent findings by Cisco Talos highlight the abuse of web pages connected to backend SMTP infrastructure, as well as credential stuffing attacks against legitimate organizations’ mail servers. These methods aim to bypass spam filters and gain unauthorized access to email accounts for the purpose of sending spam emails.

Additionally, a new email phishing campaign has been discovered that exploits a security flaw in Microsoft Excel to distribute a fileless variant of the Remcos Remote Access Trojan (RAT). This campaign tricks victims into opening an Excel file, which triggers a chain of commands that eventually injects the RAT into a legitimate Windows process. This demonstrates the evolving nature of phishing attacks, as attackers find new ways to exploit vulnerabilities and propagate malware.

In conclusion, phishing attacks remain a significant threat to organizations and individuals alike. The rise of PhaaS platforms like Sniper Dz has made it easier for even non-technical individuals to partake in phishing campaigns, increasing the scale and impact of such attacks. It is crucial for individuals and organizations to stay vigilant, educate themselves about phishing techniques, and implement robust security measures to protect against these threats.


