Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Microsoft extends Windows 10 security updates on one year with new enrollment options

June 25, 2025

The new visa rule in the US requires from applicants to set privacy in social media for the public

June 24, 2025

Hackers focus on over 70 Microsoft Exchange servers to steal credentials via Keyloggers

June 24, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » Free Sniper Dz Phishing Tools Trigger Over 140,000 Cyber ​​Attacks Targeting User Credentials
Global Security

Free Sniper Dz Phishing Tools Trigger Over 140,000 Cyber ​​Attacks Targeting User Credentials

AdminBy AdminOctober 1, 2024No Comments5 Mins Read
140,000+ Cyber Attacks
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


140,000+ cyber attacks

In the past year, more than 140,000 phishing sites linked to a phishing-as-a-service (PhaaS) platform called Sniper Dz have been discovered, indicating that it is being used by a large number of cybercriminals to steal credentials.

“For would-be phishers, Sniper Dz offers an online admin panel with a directory of phishing pages,” Palo Alto Networks Unit 42 researchers Shehroz Faruqi, Howard Tong, and Alex Starov said in the technical report.

“Phishers can either host these phishing pages on infrastructure owned by Sniper Dz or download Sniper Dz phishing templates to host on their own servers.”

Perhaps even more profitable is the fact that these services are provided for free. However, credentials collected through phishing sites are also shared with PhaaS platform operators, a method Microsoft calls double theft.

PhaaS platforms have become an increasingly common way for novice threat actors to enter the world of cybercrime, allowing even those with little technical experience to carry out phishing attacks at scale.

Such phishing kits can be purchased from Telegramwith dedicated channels and groups serving every aspect of the attack chain, from hosting services to sending phishing messages.

Cyber ​​security

Sniper Dz is no exception in that the threat actors operate a Telegram channel with over 7,170 subscribers as of October 1, 2024. The channel was created on May 25, 2020.

Interestingly, a day after the Unit 42 report went live, the people behind the channel turned on auto delete option to automatically delete all messages after a month. This probably indicates an attempt to hide traces of their activities, although the previous messages remain intact in the chat history.

The PhaaS platform is available on Clearnet and requires account registration to “get your fraud and hacking tools,” according to the website’s homepage.

Video loaded on Vimeo in January 2021 reveals that the service offers ready-to-use scam templates for various internet sites such as X, Facebook, Instagram, Skype, Yahoo, Netflix, Steam, Snapchat and PayPal in English, Arabic and French. To date, the video has received more than 67,000 views.

Hacker News too identified educational videos uploaded to YouTube that walk viewers through the various steps required to download templates from Sniper Dz and set up fake landing pages for PUBG and Free Fire on legitimate platforms like Google Blogger.

However, it is not clear if they are related to the developers of Sniper Dz or if they are just customers of the service.

Sniper Dz has the ability to host phishing pages on its own infrastructure and provide special links to those pages. These sites are then hidden behind a legitimate proxy server (proxymesh(.)com) to prevent detection.

“The group behind Sniper Dz configures this proxy server to automatically download phishing content from its server without direct communication,” the researchers said.

“This technique can help Sniper Dz protect its backend servers, as the victim’s browser or security scanner will see that the proxy server is responsible for downloading the phishing payload.”

Another option for cybercriminals is to download phishing page templates offline as HTML files and host them on their own servers. In addition, Sniper Dz offers additional tools to convert phishing templates into Blogger format, which can then be hosted on Blogspot domains.

The stolen credentials are ultimately displayed in the admin panel, which can be accessed by logging into the Clearnet site. Unit 42 said it has seen a spike in phishing activity using Sniper Dz since July 2024, primarily targeting web users in the US.

“Sniper Dz phishing pages harvest the victim’s credentials and track them through a centralized infrastructure,” the researchers said. “This can help Sniper Dz collect victim credentials stolen by phishers using their PhaaS platform.”

The development comes after Cisco Talos discovered that attackers are abusing web pages connected to the SMTP backend infrastructure, such as account creation form pages and others that trigger a return email to the user, to bypass spam filters and distribute phishing emails .

Cyber ​​security

These attacks take advantage of the poor input validation and sanitization common in these web forms to include malicious links and text. Other companies conduct credential attacks against the mail servers of legitimate organizations to gain access to email accounts and send spam.

“Many websites allow users to register for an account and log in to access certain features or content,” said Talos researcher Jason Schultz said. “Typically, after a user successfully registers, an email is sent to the user to confirm their account.”

“In this case, the spammers overloaded the name field with text and a link, which unfortunately is not checked or sanitized in any way. The email the victim received contains the spammer’s link.”

It also follows the discovery of a new email phishing campaign that uses a seemingly innocuous Microsoft Excel document to distribute a fileless variant Remcos RAT exploiting a known security flaw (CVE-2017-0199).

“Once the (Excel) file is opened, the OLE objects are used to trigger the download and execution of the malicious HTA application,” Trellix researcher Trishan Kalra said. “This HTA application then runs a chain of PowerShell commands that ends up injecting the fileless Remcos RAT into a legitimate Windows process.”

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Microsoft extends Windows 10 security updates on one year with new enrollment options

June 25, 2025

The new visa rule in the US requires from applicants to set privacy in social media for the public

June 24, 2025

Hackers focus on over 70 Microsoft Exchange servers to steal credentials via Keyloggers

June 24, 2025

Researchers find a way to close Cryptominer companies using bad stocks and Xmrogue

June 24, 2025

APT28 uses signal chat to expand malicious Beardhell ​​and Testament software in Ukraine

June 24, 2025

Talk CTEM we all need

June 24, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Microsoft extends Windows 10 security updates on one year with new enrollment options

June 25, 2025

The new visa rule in the US requires from applicants to set privacy in social media for the public

June 24, 2025

Hackers focus on over 70 Microsoft Exchange servers to steal credentials via Keyloggers

June 24, 2025

Researchers find a way to close Cryptominer companies using bad stocks and Xmrogue

June 24, 2025

APT28 uses signal chat to expand malicious Beardhell ​​and Testament software in Ukraine

June 24, 2025

Talk CTEM we all need

June 24, 2025

Hackers operate incorrectly configured API Docker to hand over cryptocurrency via Tor Network

June 24, 2025

US House forbids WhatsApp on official security and protection devices

June 24, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Microsoft extends Windows 10 security updates on one year with new enrollment options

June 25, 2025

The new visa rule in the US requires from applicants to set privacy in social media for the public

June 24, 2025

Hackers focus on over 70 Microsoft Exchange servers to steal credentials via Keyloggers

June 24, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.