Cloudflare cut off this phishing-as-a-service platform, so it moved to Russia

Robin Banks service returns stronger, and sporting new features

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Phishing-as-a-service (PhaaS) platform Robin Banks has relocated its infrastructure to a “notorious Russian provider” rarely swayed by ethics or takedown requests, after being booted from the US-basedCDN providerCloudflare in July 2022.

Cloudflare originally took action following areportfrom cybersecurity threat research company IronNet published in the same month, but new follow-upresearchconfirms that this wasn’t enough to put the service on ice.

Furthermore, IronNet claims that Robin Banks has seen feature updates, such as a “cookie stealer” that can be used to evade multi-factor authentication (MFA) checks that hope to make the service even more dangerous to potential victims.

Moving to Russia

According to IronNet’s original reporting, IronNet provided threat actors with an easy and convenient way to try and steal sensitive data from businesses, bank customers and others keeping sensitive data.

Among other techniques, the service could fooled users by offered fake landing pages for legitimate services offered byGoogleandMicrosoft.

Following a three-day long outage, Robin Banks' organizers relocated its front-end and back-end infrastructure to DDOS-GUARD, a popular Russian hosting provider that’s known for supporting threat actors and ignoring takedown requests.

The PhaaS platform has also since introduced two-factor authentication to the service, allowing kit customers to view phished information via a central graphical user interface (GUI).

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Adding insult to injury, the new cookie stealer capability is locked behind a subscription add-on service, meaning that the phishing kit’s developers stand to profit even more, with no simple way of stopping them in their tracks.

Keep your devices safe with the best endpoint protection services right now

New service makes it easier than ever for rookies to launch Microsoft 365 phishing attacks>Microsoft issues warning against dangerous new phishing campaign

According to IronNet, the Robin Banks phishing kit relies heavily on open-source code and tools found off-the-shelf. Packaged as a service, they significantly lower the barrier to entry for anyone interested in engaging in phishing attacks.

Phishing, a cybercrime practice in which hackers look to “fish” sensitive information via fake emails, landing pages, and mobile applications, is one of the most popular methods for stealing login and other data targeted in cases ofidentity theft.

Via:The Hacker News

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

HPE reveals critical security bug affecting networking access points

A critical Palo Alto Networks bug is being hit by cyberattacks, so patch now

Google Gemini is set to finally reach its full potential – and take over from Google Assistant – thanks to a major upgrade