Meet Spox Phishing Kit for carding

What is phishing kit?

Phishing kits are generally kits provided by cyber-criminals to allow anyone with a little bit of IT knowledge to carry out a phishing attack. 

How did i discovered this?
During a recent investigation of client’s web space in a dedicated server, a hack attempt(dict attack) to wordpress’s xmlrpc.php found. So, I tracked ‘hacker’s cyber footprints in apache logs and it led me to Sp0x’s phishing kit :)


What does hacker do with Sp0x Chase phishing kit in server?
Hacker deploy phishing pages and targeting bank customers using random infected servers.

Victims were directed to these pages through a phishing email which contained social engineering text and a link to the phishing page URL.

Phishing Behavior:
Sp0x Kit generates pages used to steal data from victims.

  1. part of workflow starts with a homepage that appears to be the fake banking login page.

  2. The workflow leads the victim to a series of phishing pages asking for the victim’s email account login information, personal data, and payment card details.

  3. The stolen data stores in .txt files on the server hosting the phishing pages.

    fake data sample data from 'attacker'

IMPORTANT: Included in this phishing kit is an admin panel backend that allows the attacker to change some of the phishing page settings, including the email address used to collect the stolen data and the various anti-bot countermeasures.

multiple bot countermeasure files:

  1. include'Spox/Anti/IP-BlackList.php';
  2. include'Spox/Anti/Bot-Crawler.php';
  3. include'Spox/Anti/Bot-Spox.php';
  4. include'Spox/Anti/blacklist.php';
  5. include'Spox/Anti/new.php';
  6. include'Spox/Functions/Fuck-you.php';
  7. include'Spox/Anti/Dila_DZ.php';

More details about author:

  1. /**
  2. * DO NOT SELL THIS SCRIPT !
  3. * DO NOT CHANGE COPYRIGHT !
  4. * Chase -
  5. * version 3.0
  6. * icq & telegram = @spoxcoder
  7. ###############################################
  8. #$ C0d3d by Spox_dz $#
  9. #$ Recording doesn't make you a Coder $#
  10. #$ Copyright 2020 Chase $#
  11. ###############################################
  12. **/

The author of this Chase phishing kit, Spox, charges $200 USD for the latest version of the phishing kit.

Wish you a safe day!

No comments

Note: Only a member of this blog may post a comment.

Powered by Blogger.