In the movie "Willy Wonka and the Chocolate Factory," kids unwrap chocolate bars in hopes of winning a golden ticket that gives the holder an inside tour of the sugar factory. The W3LL store is selling advanced phishing kits, a golden ticket for hacking Microsoft 365 accounts, that can bypass multi-factor authentication (MFA) no less.
A new report from Group-IB has drawn attention to a covert phishing operation that has been selling custom tools to target Microsoft 365 accounts. The W3LL actor, which has been operating since 2017, has been selling its custom tool, the W3LL SMTP Sender, to send email spam en masse. It later expanded into selling phishing kits for Microsoft 365 accounts, before eventually launching the W3LL store — a members-only darknet marketplace with over 500 active users and 12,000 items, generating over $500,000 in sales in just 10 months.
The W3LL store is famed for the W3LL panel, an advanced phishing kit designed to help threat actors bypass MFA in their attacks. The panel is compatible with a range of similarly customized tools, all designed to provide a one-stop shop for business email compromise (BEC) phishing threat actors. The W3LL panel has been linked to 850 phishing sites over the last ten months, according to Group-IB.
Group-IB warns that such underground shops are continuously driving innovation among phishing developers who strive to enhance their malicious tools through the introduction of new features and approaches.
Anton Ushakov, deputy head of Group-IB's high-tech crime investigation department, Europe, states, "What really makes the W3LL store and its products stand out from other underground markets is the fact that W3LL created not just a marketplace but a complex phishing ecosystem with a fully compatible custom toolset that covers almost the entire kill chain of BEC attacks and can be used by cybercriminals of all technical skill levels."
High Demand for Phishing Tools
Phishing continues to be a popular means for cybercriminals to obtain confidential information, with data breaches resulting from phishing attacks across the globe. Phishing techniques are also evolving as criminals seek new ways to dupe victims.
With W3LL being a prime example, the cybersecurity community warns that the growing demand for phishing tools and the resulting underground market is attracting increasing numbers of vendors, each of whom has to innovate continuously to stay ahead of the competition.
This competition among vendors in the underground market drives continuous innovation, resulting in new and improved malicious tools that enable phishing developers to enhance the efficiency of their operations through new features and approaches.
With such competition likely to continue, security analysts warn that organizations need to continue to monitor emerging threats, update their system procedures accordingly, and create awareness around phishing attacks, especially among employees handling confidential information. New-school security awareness training and education is the ticket.
Phil Muncaster of InfoSecurity Mag has the full story.