A cybercriminal gang has recently developed a new phishing kit named LogoKit on several domains. LogoKit changes logos and text in real-time in order to adapt to the targeted victims.
This vicious phishing kit has already been released in the dark web according to threat intelligence firm RiskIQ. The firm has tracked it's progression and in one week the kit was identified in 300 domains, and over 700 within the month.
"Once a victim navigates to the URL, LogoKit fetches the company logo from a third-party service, such as Clearbit or Google's favicon database," said RiskIQ security researcher Adam Castleman in a report this week.
The firm also shared a screenshot of how this malicious kit works:
Source: Risk IQ
This kit can be very tricky to identify from standard phishing templates because most need perfect pixels that mimic the company's authentication page. RiskIQ is still actively tracking the kit and fear that the kit's simplicity could significantly improve the chances of a successful phishing attack.
Make sure your organization is frequently being tested with the latest attacks. New-school security awareness training can ensure your users know how to spot and report any suspicious activity in their day-to-day operations.
ZDNet has the full story.