News

Microsoft reports TodayZoo – a “Franken-Phish” phishing toolkit

In their blog Microsoft reported a very curious phishing kit – TodayZoo. It was primarily active this year, in spring and summer. The peculiarity of this kit lies in its built. This weird toolkit consists of particles of code from different works. Franken-Phish used to disguise itself under Zoom, Microsoft and Xerox products. Microsoft reported it to the AWS (Amazon Web Services, Inc).

TodayZoo made from different codes

“We named the kit “TodayZoo” because of its curious use of these words in its credential harvesting component in earlier campaigns, likely a reference to phishing pages that spoofed a popular video-conferencing application. Our prior research on phishing kits told us TodayZoo contained large pieces of code copied from widely circulated ones. The copied code segments even have the comment markers, dead links, and other holdovers from the previous kits” – Microsoft in their blog post.

Phishing is a cybercrime in which victims receive the email, telephone or text message. The purpose of these notifications is to bait the victim to go to the website and fill the form with sensitive data. By someone pretending to be a legitimate representative to draw individuals into providing confidential data. For example, credit card details, banking, personally identifiable information and passwords. The information is then applied to get access to important accounts. Such actions are identified as identity theft and result in financial losses.

Modern phishing is more like a business

Today`s phishing industry shows a pretty well organization. It reminds of a very put work business. You can buy a one-time phishing kit and use it out of box, without any additional setups. Also, criminals can rent resources and infrastructure they need from the so-called phishing-as-a-service (PhaaS) providers. The first-ever known phishing lawsuit was filed in 2004 against a Californian teenager. He made a fake “America Online” website. By that trick, he got access to fooled users’ sensitive information and credit card details. Apart from website and email phishing there exist others like “smishing” (SMS Phishing) and “vishing” (voice phishing). Cybercriminals constantly come up with new and different techniques.1

Fake AOL page. This phishing page is just the variant of a thing made by that teenager

TodayZoo operated by a single group

TodayZoo phishing campaign was sending links to fake Microsoft 365 login pages. It also used a technique called “zero-point font obfuscation”. Fraudsters just add HTML text with a zero font size in an email. So that for humans it would be impossible to read. Fraudsters maintained the majority of pages on cloud provider DigitalOcean. This phishing kit redirected the data not to other email accounts but stored it on the site itself. Microsoft researchers believe this phishing group is a single operation rather than a network of criminals.

Microsoft also added that many phishing kits connect to a broad variety of email phishing campaigns. And vice versa many email campaign patterns associate themselves with various phishing kits. TodayZoo exclusively utilized the same campaign pattern and others only surface it. This led Microsoft specialists to believe that in this case, actors are on their own. As you can see, Microsoft tries to deal with the vulnerabilities not only through enhancing the system protection, but also through informing their users.

  1. Read about different phishing techniques you can meet each day.
Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove Pbmsoultions.com Pop-up Ads

About Pbmsoultions.com Pbmsoultions.com pop-ups can not launch out of the blue. If you have actually…

2 days ago

Remove Prizestash.com Pop-up Ads

About Prizestash.com Prizestash.com pop-ups can not expose out of the blue. If you have actually…

2 days ago

Remove Verifiedbreaking.com Pop-up Ads

About Verifiedbreaking.com Verifiedbreaking.com pop-ups can not launch out of nowhere. If you have actually clicked…

2 days ago

Remove Themoneyminutes.com Pop-up Ads

About Themoneyminutes.com Themoneyminutes.com pop-ups can not launch out of the blue. If you have actually…

2 days ago

Remove News-xcidizi.com Pop-up Ads

About News-xcidizi.com News-xcidizi.com pop-ups can not introduce out of nowhere. If you have clicked some…

2 days ago

Remove Everytraffic-flow.com Pop-up Ads

About Everytraffic-flow.com Everytraffic-flow.com pop-ups can not launch out of nowhere. If you have actually clicked…

2 days ago