“With LogoKit’s intended functionality to be centered around singular emails per URL and extracting company logos, this dramatically improves ease of carrying out targeted attacks against organizations; and reusing pretexts without changing templates,” said Adam Castleman, security researcher with RiskIQ on Wednesday.
Phishing kits, which can be bought by cybercriminals for anything in the range of $20 and $880, require minimal technical knowledge to work past modest programming skills. These kits are used to steal various information from victims – including usernames, passwords, credit card numbers, social security numbers, and more.
In some cases, for instance, attackers have been noticed
facilitating their phishing pages on Google Firebase as a feature
of the LogoKit assault. While LogoKit has been discovered utilizing
these authentic facilitating services, researchers have likewise
noticed compromised sites – many running WordPress — to have
LogoKit variations. Cybercriminals send victims a specially created
URL containing their email address. An illustration of a crafted
URL that contains the email would be:
"phishingpage[.]site/login.html#
On the off chance that the victim clicks on the URL, LogoKit at that point brings the organization logo from a third-party service, for example, marketing data engine Clearbit or Google's database for favicons (the graphic icons associated with particular webpages).
Besides, since LogoKit is a collection of JavaScript files, its assets can likewise be facilitated on public trusted services like Firebase, GitHub, Oracle Cloud, and others, the greater part of which will be whitelisted inside corporate environments and trigger little alerts when loaded inside an employee's browser. RiskIQ said it is following this new threat intently because of the kit's simplicity, which the security firm accepts improves its odds of an effective phish.
Read more https://www.ehackingnews.com/2021/01/logokit-can-manipulate-phishing-pages.html
