A new phishing tool kit has been developed by a cybercrime group which allows criminals to change text and logos in real-time on phishing pages in order to adapt to victims. The kit is called LogoKit, and according to it RiskIQ is has already been seen in use online. RiskIQ has said that the toolkit has been identified on over 300 domains in the past week alone, and more than 700 sites in the past month.
LogoKit uses a phishing technique which relies on sending victims emails which contain their email addresses. In RiskIQ’s report they said that “once a victim navigates to the URL, LogoKit fetches the company logo from a third-party service, such as Clearbit or Google’s favicon database.” The report also said that “the victim email is also auto-filled into the email or username field, tricking victims into feeling like they have previously logged into the site” and that “should a victim enter their password, LogoKit performs an AJAX request, sending the target’s email and password to an external source, and, finally, redirecting the user to their [legitimate] corporate web site.”
