A threat actor has advertised a phishing toolkit service named ‘iServer Pro Kit’ for sale. According to the advertisement on their Twitter account, they offer an iServer host with full admin access, unlimited user creation, a private name server, and a dedicated account IP.
When our researchers followed the link, they reached the purchasing plan options. The plans include anti-bot and anti-red-page systems, where the red page is the phishing warning page shown when a page is flagged as infected.
Analysis and Attribution of Phishing Toolkit
The advertisement on Twitter claims that:
Our researchers reviewed their YouTube channel, named “gsmkhmernews”, which has a video showing how the iServer tools help in compromising the iCloud server. Here is their video link:
https://medium.com/media/0b3a463ff6716f8cab155b9569d20a99/href
Modus Operandi
1. After selecting a payment option, we received a dialog box for creating a link that is sent to the victim’s phone via SMS or email.
2. When the victim clicks that link, the threat actor receives the victim’s Apple ID credentials through Telegram.
3. The attacker can then easily enter those credentials and log in to the victim’s Apple ID to extract personal information.
Conclusion
Threat actors of this type provide a phishing toolkit framework that encourages attackers to use the toolkit to attack their adversaries unethically. Such toolkits have now become a common service/product for sale.