The New “Spox” Phishing Kit Makes Campaign Deployment Easier

  • A new phishing kit has appeared and is growing in popularity quickly, thanks to its user-friendly approach.
  • The kit is called “Spox,” and it offers excellent anti-bot protection, stolen data backups, and easy phishing page management.
  • The victims are tricked into giving away their entire online and offline identities, including their ATM PIN.

As reported by Sucuri researchers, there’s a new phishing kit out there that makes the whole process of setting up campaigns and managing phishing pages a walk in the park. In addition to making the deployment comfortable, the Spox kit is also incorporating several detection countermeasures that make it harder for bots like the commonly used “Phishtank” to identify the phishing pages.

Spox has been under active development, and its authors are adding new features to make it more user-friendly and powerful every month.

landing page
Source: Sucuri

Spox’s main target seems to be the “” internet banking platform, which helps users connect their bank account or open a new one, make deposits, payments, transfer money online, pay bills, issue paperless statements, and many more.

Spox uses four Chase-themed pages, starting with a fake log-in landing page. After the victims enter their credentials, they get redirected to a second page that warns them that their device is supposedly not recognized (fingerprint mismatch). Thus, the victim is called to provide additional authentication details, which lead to the serving of a series of phishing pages that steal credit card details (even the ATM PIN), location details, email address and password, contact information, and various PII.

The kit user can change the email address that receives the stolen data and toggle the anti-bot system “on” and “off.” The kit’s backend also offers a GUI (graphical user interface) repository where the stolen data are stored in plaintext form right on the server that hosts the phishing pages. If the data doesn’t end up in the attackers’ email address for any reason, they may use the generated “.txt” files as a backup.

As for the bot detection countermeasures, these are implemented as PHP code and are basically request filters. If something looks like a detection crawler, the page returns a 404.

Source: Sucuri

Sucuri tried to investigate the origin of the Spox phishing kit, but no indications are pointing somewhere yet. The truth is, there are already quite a few actors who are deploying this tool for their phishing operations, and the newest version has even added support for PayPal.

Already, Spox counts almost four thousand subscribers, and the kit seems to be working like a breeze for them. As for the price tag, Spox is sold for $200, so it’s pretty affordable.




How to Watch MasterChef Season 12: Back to Win Online From Anywhere

MasterChef is returning for its twelfth season, which will be an all-star season where contestants will be returning for a second chance...

How to Watch The Great American Tag Sale With Martha Stewart Online From Anywhere

Are you ready to see the fabulous Martha Stewart in a great American tag sale? This new show will premiere soon, and...

How to Watch Expedition Unknown Season 10 Online From Anywhere

Discovery's 'Adventure Wednesday' lineup is back this summer, and viewers will be treated to all-new episodes of the reality television series Expedition...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari