“HackShit” Phishing-as-a-service

What is Phishing?

Phishing is an attack used to obtain information such as names, email addresses, passwords and credit card details from victims. It can be delivered in a few ways, such as by email or by phone call. Nowadays attackers (phishers) have found an easy way to phish by using “spear-phishing”. For those who don’t know what spear-phishing is, the phisher usually puts some effort into making the phishing page look exactly the same as the real one, which earns the victim’s trust.

What is HackShit?

Now back to our topic. Netskope Risk Analysis Lab has found an attack offered as a service, named “Hackshit”. Hackshit is a Phishing-as-a-service (PhaaS) platform which has low impact and will most probably allow phishers to easily launch phishing campaigns against victims.

Netskope researcher Ashwin Vamshi explained that:

“The attacker then generates a phished web page from the web page/generator hyperlink and logs into the e-mail account of the compromised sufferer, views all of the contacts and sends an e-mail embedded with the phished hyperlink.”

Case Study

The Netskope researchers found the PhaaS platform during their research and analysis into the traits of CloudPhishing attacks. They noticed a phishing web page that used the data URI scheme, with base64-encoded content, in the attack. When victims receive the email and click the trusted link, they key in their credentials. As a result, the phishers obtain those credentials and can use them for malicious purposes.
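A defender-side check for the technique described above, as an added example that is not from the Netskope research or the original post: it scans an e-mail's HTML for base64 `data:` URIs in link attributes, decodes them, and reports any that hold an HTML page, noting whether it contains a password field. The function names, the attribute list and the sample e-mail are assumptions constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser

URI_ATTRS = {"href", "src", "action", "formaction"}  # attributes that can carry a URI
DATA_URI = re.compile(r"^\s*data:([^;,]*)((?:;[^;,]*)*),(.*)$", re.I | re.S)

class Tags(HTMLParser):
    """Collects (tag, attrs) for every start tag in the given HTML."""
    def __init__(self, html):
        super().__init__()
        self.found = []
        self.feed(html)
        self.close()

    def handle_starttag(self, tag, attrs):
        self.found.append((tag, dict(attrs)))

def decode_data_uri(uri):
    """Return (mime, text) for a base64 data: URI, or None if it is not one."""
    m = DATA_URI.match(uri or "")
    if not m or ";base64" not in m.group(2).lower():
        return None
    payload = re.sub(r"\s+", "", m.group(3))
    payload += "=" * (-len(payload) % 4)  # tolerate stripped padding
    try:
        raw = base64.b64decode(payload)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return m.group(1).lower() or "text/plain", raw.decode("utf-8", "replace")

def scan_email_html(html):
    """Report URI attributes whose base64 data: URI decodes to an HTML page."""
    findings = []
    for tag, attrs in Tags(html).found:
        for name in sorted(URI_ATTRS & attrs.keys()):
            decoded = decode_data_uri(attrs[name])
            if not decoded or "html" not in decoded[0]:
                continue
            inner = Tags(decoded[1]).found
            pw = any(t == "input" and (a.get("type") or "").lower() == "password"
                     for t, a in inner)
            posts = [a["action"] for t, a in inner if t == "form" and a.get("action")]
            findings.append({"tag": tag, "attr": name, "password_field": pw, "form_actions": posts})
    return findings

# Constructed sample: a harmless form wrapped in a data: URI inside an e-mail body.
_PAGE = '<form action="https://collector.example/post"><input type="password" name="p"></form>'
SAMPLE_EMAIL = '<p><a href="data:text/html;base64,%s">Verify account</a></p>' % (
    base64.b64encode(_PAGE.encode()).decode())
```

Calling `scan_email_html(SAMPLE_EMAIL)` returns one finding for the `href` of the `<a>` tag; an ordinary `https://` link or a base64 image produces none.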

Source: Hackshit PhaaS platform, even more easy to power Phishing campaigns

Author: Wan Ariff

He brings with him working experience in the Information Security field, specializing in Penetration Testing and Digital Forensics. His passion is IT Security.
