New Phishing Kit on Dark Web Lets Anyone Launch Cyber Attacks

Often called the ‘Digital Wild West’, the Dark Web’s hidden marketplaces are said to sell everything from illegal military-grade assault rifles, banned narcotics, hitmen-for-hire and more.

Now, cyber-security researchers at Check Point and CyberInt are said to have discovered a new generation of phishing kit that’s being sold on the Dark Web by a cyber-criminal known as ‘[A]pache’. The software reportedly allows would-be cyber criminals to create realistic-looking fake websites of reputable brands, such as Walmart. The kit is said to be aimed at a Brazilian audience for the most part, but there are some other that also target US brands.One of the most intriguing things about the software is that it allows people even with very little technical ability to carry out their own cyber-attack. According to Check Point, cyber-criminals wanting to launch a phishing campaign can just download the code and follow some straightforward instructions to launch an attack to collect the personal and financial information of victims.

The report further says that the kit costs significantly more than what a standard phishing kit would cost on the Dark Web. While regular ones cost just about $20-$50 a pop, this one reportedly costs $300, mostly because it comes will all the bells and whistles, especially for the technically non-proficient.

“[A]pache has made a simple user interface within the admin panel where the threat actor can paste the product URL of the legitimate retailer and the kit will automatically import the product information into the phishing page. They can then view their ‘products’ and change their original prices”, says the report.