Fifth Generation Phishing Kits Have Arrived

Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.” – Maimonides (1135-1204).

With online phishing kits being the all-in-one DIY fishing pack for those new to this illicit activity, low-tech scammers are taking Maimonides’ proverb to heart.

Phishing kits are built specifically for those with lower technical knowledge, and as such, provide the cyber-criminal with everything they need in order to carry out an attack. With the barrier now lower, more threat actors can get involved, allowing for more attacks and therefore more potential victims.

As part of a joint analysis, Check Point Researchers collaborated with cyber intelligence company, CyberInt, to track down the scammer behind a new and more advanced phishing kit currently available in Brazil. Unlike previous kits, this newly discovered kit makes for an even easier set-up and a more convincing fake website, representing the next generation in phishing architecture.

Found on the Dark Net, this phishing kit targets those that shop at popular online retailers and aims to steal users’ personal details and credit card information. Instead of having just a login page

with a prompt for personal and financial information, the [A]pache Next Generation Advanced Phishing Kit incorporates entire replicas of well-known retail sites. Mainly aimed at the Brazilian consumer, these sites include Walmart, Americanas, Ponto Frio, Casas Bahia, Submarino, Shoptime and Extra. Unlike other phishing kits which can be bought for just a few dollars, these high-end, more sophisticated kits sell for between $100 and $300.

Using the kit’s backend interface, threat actors can create convincing fake retail product pages and manage their entire phishing campaign. By preparing a site with discounted products that appear to be sold by a legitimate retailer, the threat actor can then lure victims into making a ‘purchase’, at which point they surrender their personal                                   Get the Full Report
and financial information.

In addition to targeting the Brazilian audience, our research team found some links to a phishing campaign targeting PayPal users in the US. While the connection between the two activities remains unclear, it may point to a bigger operation than we thought.

With some reports claiming that 91% of cyberattacks and data breaches begin with a phishing email, phishing remains a constant threat for stealing financial information, intellectual property, and even interfering with elections. For this reason, consumers and businesses alike must ensure they have the latest protections for safe guarding against such threats.

Check out how Check Point SandBlast Agent identifies and prevents access to deceptive phishing sites in real-time using dynamic analysis and highly accurate heuristics.

Download the full Check Point-CyberInt joint analysis of the [A]pache Next Generation Advanced Phishing Kit here.

About CyberInt:

In the age of digital transformation businesses are opening themselves up to far greater risks and greater threats in their environment. CIOs and CISOs are therefore beginning to look at their security environment through a digital lens. CyberInt has been recognized by both Gartner and Forrester as an innovator in securing digital businesses.

CyberInt’s Managed Detection and Response services span globally and include some of the top finance, retail and telecommunication organizations. MDR services allow our customers to combat and respond to advanced cyber threats that would normally go unnoticed by standard security controls, while protecting their brand, digital assets and customers.

For further information, please visit

Leave a Reply

Your email address will not be published. Required fields are marked *