16Shop has expanded its phishing targets from Apple and Amazon accounts to include PayPal and American Express. The kit includes features that make it easy to use, as well as anti-detection features.
What is the 16Shop Phishing Kit?
The hacking group behind the kit was first detected by McAfee in November 2018. Since then, the group has been very prolific in the number of campaigns it has conducted. The group usually targets potential victims via links in malicious emails that appear to originate from the victims’ known online accounts. The information targeted includes login credentials, credit card details and other personal information.
The kit is sold on underground forums using the Software-as-a-Service (SaaS) model. SaaS is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. SaaS is also known as “on-demand software”. Like legitimate SaaS products, 16Shop offers different tiers of phishing kits. The highest-tier kit is the most expensive and contains the most features. Less expensive kits contain fewer features, depending on the tier.
16Shop Phishing Kit’s New Features
The 16Shop phishing kit is very advanced, and the group updates the kit’s features and attack methods frequently. The kit previously provided functionality for hacking Apple and Amazon accounts. As part of the latest update, the kit has been expanded to provide hackers with functionality to target PayPal and American Express customers. This suggests that the group is actively adding brands to its phishing kit portfolio.
Moreover, the latest version of the 16Shop kit includes features that make it better able to resist defenders. For instance, the kit includes three anti-bot and anti-indexing features to help it hide from security vendors’ automated crawlers and web indexers. Anti-bot features check each website visitor to determine whether it is a real visitor or a bot.
Zack Allen, director of threat operations at ZeroFOX, said: “16Shop Developers have been one of the most skilled in our research. They are consistently updating their code, adding IP addresses, user-agents and tricks to do anti-bot and anti-scraping technology, and they do it at an impressive rate with frequent updates.”
Easy to Use
The 16Shop phishing kit also contains features that make it easier to use, which allows low-level hackers with limited technical understanding to launch sophisticated attacks.
The hackers using the phishing kit are provided with a dashboard that is clear and easy to understand. The dashboard updates in real time and provides statistics such as the number of clicks recorded, number of logon credentials collected, number of credit card details gathered, and the number of bots detected.