216.73.217.176

Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz

· Published 25/09/2024 08:55 · Modified 25/09/2024 09:39

Export JSON

Essential information

Published
25/09/2024 08:55
Modified
25/09/2024 09:39
Tags
2024-09-25 credential-theft phaas phishing sniper dz victim tracking
Related entities
7 observables, 1 intrusion sets (apt), 10 techniques (mitre), 1 malware

Description

Unit42 explores , a popular -as-a-service () platform targeting social media and online services. Over 140,000 websites associated with were identified in the past year. The platform offers an admin panel with page catalogs, allowing users to host on infrastructure or download templates. Surprisingly, services are free, likely because collects stolen credentials. The platform uses public proxy servers to hide content, obfuscates code, and employs centralized infrastructure for credential exfiltration and . abuses legitimate SaaS platforms, particularly Blogspot, and uses brand names or trends as keywords in hostnames. After credential theft, victims may be redirected to malicious advertisements or potentially unwanted applications.

External references