Phishers Create Tool for Real-Time Updates of Fake Pages
A cybercriminal group has developed a new toolkit that allows phishing web pages to be updated in real time. This toolkit can change logos and text on the fly, keeping fake pages current and creating a convincing illusion of a legitimate website.
The toolkit, named LogoKit, is already being used in the cybercrime world, according to researchers from RiskIQ who have closely monitored its development and spread.
How LogoKit Works
According to experts, in the past week alone, they detected the new tool on more than 300 domains, and over the past month, on more than 700 websites. It is known that LogoKit operators send phishing links to victims that include the target’s email address.
“As soon as the victim clicks the link, LogoKit immediately pulls the logo from a third-party service—such as the favicon database from Clearbit or Google. In addition, the victim’s email address is automatically inserted into the appropriate field, further enhancing the illusion that the victim has already visited this site,” the RiskIQ report states.
“If the user enters their password, LogoKit sends all credentials via an AJAX request to a third-party resource controlled by the attackers. After that, the victim is quietly redirected to the legitimate official website.”
What Sets LogoKit Apart
LogoKit stands out from similar tools by using a set of JavaScript functions that can be easily added to any login form or complex HTML document. Other phishing kits typically use highly accurate templates disguised as legitimate website pages.
See Also
- Our other channels
- Our friends and partners