Security researchers discover faulty phishing kits

• Researchers from Akamai found several kits with security holes or containing outdated code.
• These phishing kits can be exploited by cybercriminals other than those involved in the actual cyber attack.

A number of phishing kits with security vulnerabilities have been discovered. Security researchers from Akamai came across these faulty utilities, which were possibly used to target financial institutions. The kits were found to be either developed shoddily or relied on outdated open-source code from a GitHub repository. However, the researchers did not find any secondary attacks carried out from these kits.

Worth noting

• Researcher Larry Cashdollar from Akamai detailed the findings in a blog. According to him, the buggy phishing kits had basic vulnerabilities due to their flimsy construction or used outdated open-source code.
• Cashdollar suggested that a second attacker could jump in after the phishing kit is installed on the victim system and could compound an ongoing attack. Due to this, the second attacker can siphon off sensitive data from the victim well before the first attacker.
• These kits also had the same file-upload vulnerabilities as a result of reusing the same code. “The common thread between each kit is the usage of class.uploader.php, ajax_upload_file.php, and ajax_remove_file.php, in a number of different naming conventions,” said Cashdollar.

Victims get hit the most

While other attackers may run off with sensitive data, Cashdollar suggested that victims would suffer the most by these kits. “The real risk and concern in this situation goes to the victims - the server administrators, bloggers, and small business owners whose websites are where phishing kits like these are uploaded. They're getting hit twice and completely unaware of the serious risk these phishing kits represent,” said Cashdollar.