Sunday, July 21, 2024
HomeCyber CrimePayPal-themed Phishing Kit Steals Information

PayPal-themed Phishing Kit Steals Information


PayPal users are the target of a phishing kit that tries to steal their personal information. Government identity documents and pictures are among the stolen details.


Phishing kit with a PayPal motif


After being positioned on a WordPress honeypot by attackers, the phishing kit was discovered by Akamai researchers. Attackers can circumvent detection by hosting the kit on legitimate WordPress websites that have been compromised.


Attackers use a list of widely-used credential pairs to brute-force logins on websites with weak security.


The phishing kit is uploaded to the compromised site using a file management plugin that was installed using the stolen access.


The kit uses cross-references between IP addresses and domains belonging to a certain group of businesses, such as cybersecurity organisations, to evade discovery.

The attackers subsequently request the victim to submit their official identification documents to prove their identity after gathering a significant quantity of personal information.


Despite the phishing kit’s seeming sophistication, the researchers discovered a flaw in the file upload function that may be exploited to upload a web shell and take control of the compromised website.


Concerning The Phishing Page

The creators of the phishing kit tried to imitate PayPal’s website in order to make the bogus page appear legitimate.

Additionally, for a genuine look, every component of the graphical user interface is fashioned in accordance with PayPal’s theme.

The URL has been rewritten by the attackers using ‘htaccess,’ so it does not terminate with a PHP file extension.

Ending Remarks

Phishing tools now successfully imitate PayPal while obtaining user data. Therefore, users ought to always check the domain name of a website asking for sensitive data. By manually entering the site address in the online browser, they should access the service’s official website.

IEMLabs is an ISO 27001:2013 and ISO 9001:2015 certified company, we are also a proud member of EC Council, NASSCOM, Data Security Council of India (DSCI), Indian Chamber of Commerce (ICC), U.S. Chamber of Commerce, and Confederation of Indian Industry (CII). The company was established in 2016 with a vision in mind to provide Cyber Security to the digital world and make them Hack Proof. The question is why are we suddenly talking about Cyber Security and all this stuff? With the development of technology, more and more companies are shifting their business to Digital World which is resulting in the increase in Cyber Crimes.


Please enter your comment!
Please enter your name here

Most Popular

Recent Comments

Izzi Казино онлайн казино казино x мобильді нұсқасы on Instagram and Facebook Video Download Made Easy with
Temporada 2022-2023 on CamPhish
2017 Grammy Outfits on Meesho Supplier Panel: Register Now!
React JS Training in Bangalore on Best Online Learning Platforms in India
DigiSec Technologies | Digital Marketing agency in Melbourne on Buy your favourite Mobile on EMI
亚洲A∨精品无码一区二区观看 on Restaurant Scheduling 101 For Better Business Performance

Write For Us