Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

Inside Phishing Groups: Trust No One

Anshuman
July 20, 2024

Inside Phishing Groups: Trust No One

In the world of cybercrime, phishing kits are typically sold for profit, but some are distributed for free with hidden malicious intent. This talk will explore the phenomenon of free phishing kits embedded with backdoors that steal Telegram bot tokens from the users who deploy them. By analyzing these deceptive kits and their underlying tactics, we reveal the risks and implications for both cybercriminals and defenders. Attendees will gain insights into the complexities of phishing operations and learn strategies to detect and mitigate such threats.

Anshuman

July 20, 2024
Tweet

More Decks by Anshuman

Other Decks in Research

Transcript

  1. M Inside Phishing Groups: # Trust No-One # * e

    by Anshuman El ethebitdoodler /in/thebitdoodler
  2. Agenda Analyzing the kit that How phishing-kit works scam the

    scammers Take aways How Phishing Kits Hunting in the wild are distributed
  3. M · Threat & Adversary Research GeloudSEK ⑳ Writing Tech-Zines

    @securityLines · Documenting Learnings HuskyScripts. blog El @thebitdoodlea er *
  4. ww 88 e ⑧ ↓ TAs Who deploy phishing sites

    to harvest credentials &thebitdoodler
  5. M # I L Logo. png index . php main

    . js style. ess banner. Sug These can be indicators!! &thebitdoodler
  6. M # I L Logo. png index . php main

    . js style. ess banner. Sug These can be indicators!! ↓ ↓ content filename inside the or file hashes filess ... &thebitdoodler
  7. Some where on the T elegram FREE Phishing Kits -

    - - - - > Interesting .... &thebitdoodler
  8. M ↓ function from the interesting file ↓ # "

    * Whaaatt ..... &thebitdoodler
  9. The Artist M - - > I hosted by Scammer

    * xcksm/a =- phishing site ↑ victimstials 1 02 . 165 . 14 . 4 : 5000 ⑤ F # &thebitdoodler
  10. The Artist M - - > I hosted by Scammer

    * xcksm/a =- phishing site ↑ victimstials 1 02 . 165 . 14 . 4 : 5000 ⑤ F # &thebitdoodler
  11. The Artist M - - > - I hosted by

    Scammer * xcksm/a · i phishing site ↑ victimstials 102 . 165 . 14 . 4 : 5000 & ⑤ - F # web server written in python &thebitdoodler
  12. Phishing kit M Author C2 server steals -- >Bot tokens

    Hosted # ... ) =>>> . ! # ... - Phishing Sites D # ...[ goodbankk. xyz courier . top +vfzpa- webapp M I spepy Phishing kits Configures with #init #Telegram BotTokens ⑤ # · Freely distributed , , F - > # Telegram scammers channels &thebitdoodler
  13. M * urlscan . io phish. report ↓ ↓ community

    F open source · Nuclei for phishing kits &thebitdoodler
  14. M

  15. M

  16. M /YAML Rule Presenton the A Based on Indicators -

    3 # ↓ Hardcoded on th index page &thebitdoodler
  17. M minder Live UrLS & & similar We can detect

    A Kits created by the same author 1! &thebitdoodler