The New “Spox” Phishing Kit Makes Campaign Deployment Easier

  • A new phishing kit has appeared and is growing in popularity quickly, thanks to its user-friendly approach.
  • The kit is called “Spox,” and it offers excellent anti-bot protection, stolen data backups, and easy phishing page management.
  • The victims are tricked into giving away their entire online and offline identities, including their ATM PIN.

As reported by Sucuri researchers, there’s a new phishing kit out there that makes the whole process of setting up campaigns and managing phishing pages a walk in the park. In addition to making the deployment comfortable, the Spox kit is also incorporating several detection countermeasures that make it harder for bots like the commonly used “Phishtank” to identify the phishing pages.

Spox has been under active development, and its authors are adding new features to make it more user-friendly and powerful every month.

landing page
Source: Sucuri

Spox’s main target seems to be the “Chase.com” internet banking platform, which helps users connect their bank account or open a new one, make deposits, payments, transfer money online, pay bills, issue paperless statements, and many more.

Spox uses four Chase-themed pages, starting with a fake log-in landing page. After the victims enter their credentials, they get redirected to a second page that warns them that their device is supposedly not recognized (fingerprint mismatch). Thus, the victim is called to provide additional authentication details, which lead to the serving of a series of phishing pages that steal credit card details (even the ATM PIN), location details, email address and password, contact information, and various PII.

The kit user can change the email address that receives the stolen data and toggle the anti-bot system “on” and “off.” The kit’s backend also offers a GUI (graphical user interface) repository where the stolen data are stored in plaintext form right on the server that hosts the phishing pages. If the data doesn’t end up in the attackers’ email address for any reason, they may use the generated “.txt” files as a backup.

As for the bot detection countermeasures, these are implemented as PHP code and are basically request filters. If something looks like a detection crawler, the page returns a 404.

backend
Source: Sucuri

Sucuri tried to investigate the origin of the Spox phishing kit, but no indications are pointing somewhere yet. The truth is, there are already quite a few actors who are deploying this tool for their phishing operations, and the newest version has even added support for PayPal.

Already, Spox counts almost four thousand subscribers, and the kit seems to be working like a breeze for them. As for the price tag, Spox is sold for $200, so it’s pretty affordable.

READ MORE:

REVIEW OVERVIEW

Latest

How to Watch Golden State Warriors vs. Phoenix Suns: Live Stream, Start Time, TV Channel, Odds, Predictions

Two of the best teams in the NBA will battle it out on Tuesday as the Western Conference heats up with this...

How to Watch New York Knicks vs. Brooklyn Nets: Live Stream, Start Time, TV Channel, Odds, Predictions

Two New York based teams face off in this thrilling NBA derby on Tuesday evening, as it is the New York Knicks...

How to Watch Denver Nuggets vs. Miami Heat: Live Stream, Start Time, TV Channel, Odds, Predictions

Another blockbuster NBA clash awaits us on Monday night as the Miami Heat and the Denver Nuggets collide at the FTX Arena....
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari