FlowerStorm unleashes the KrakVM: PhaaS operators turn to VM-based obfuscation
Essential information
- Published
- 18/05/2026 18:45
- Modified
- 18/05/2026 18:56
- Tags
- 2026-05-18 attachment flowerstorm html kravvm mfa phaas phishing vm
- Related entities
- 1 techniques (mitre), 1 malware, 86 others
Description
FlowerStorm is a widely known phishing-as-a-service (PhaaS) attack kit that has been active since at least mid-2024 and is increasingly used in large-scale campaigns. FlowerStorm performs targeted, complex collection of a victim’s credentials, including the management of multi-factor authentication (MFA).