3 min Security

Phishing kits from 16shop created 70,000 victims in 43 countries

Phishing kits from 16shop created 70,000 victims in 43 countries

The administrator of platform 16shop was arrested last week, Interpol reports. 16shop was a Phishing-as-a-Service (PaaS) platform on which phishing kits were traded.

Interpol reports in a statement that the administrator of the platform 16shop was arrested last week in Indonesia. It is said to be a 21-year-old man. A facilitator of the platform was also arrested in Indonesia. A final arrest in Japan has also been linked to 16shop, the person was again a facilitator of the platform.

A separate blog from Trend Micro reveals that the arrests are the conclusion of a multi-year project. The cybersecurity specialist says Interpol approached for the first time about 16shop in 2020. It proved difficult to trace the platform’s base, as the web infrastructure was hosted on several legitimate cloud providers.

Phishing kits starting at $60

16shop was a PaaS platform on which phishing kits were traded. The platform itself is said to have been active since 2018, but it is not certain whether phishing kits were traded on it after 2021. Another party involved, Group-IB, indicated that the phishing kits had a price between $60 and $150.

Hackers can obtain personal information such as logins and credit card information through a phishing campaign. Hackers thus try to rob victims of money or break into important (business) applications and websites so they can afterwards break into a company network.

Victims in 43 countries

The platform 16shop traded phishing kits to enable such things. According to Interpol, phishing kits from this platform caused 70,000 victims across 43 countries. Mainly in Germany, Japan and the U.S., the phishing kits managed to create lots of victims.

Trend Micro researched the platform and found that the phishing kits mainly focused on obtaining login credentials. The campaigns focused on Amazon, American Express, PayPal, Apple, CashApp and login credentials for banking services in the US.

Research by Group-IB complements this by editing that more than 150,000 phishing domains had been created using the phishing kits.

Also read: EvilProxy phishing campaign hits thousands of Microsoft 365 accounts

Help from private cybersecurity specialists

Interpol was in charge of coordinating the project. In addition, authorities from Indonesia and Japan cooperated in making the arrests possible. Authorities from America were also contacted because all of the servers to run the platform were located there.

From the private sector, some cybersecurity specialists volunteered to participate in the operation. They include the Cyber Defense Institute, Group-IB, Palo Alto Networks Unit 42, Trend Micro and Cybertoolbelt.

PaaS lowers the barrier to becoming a hacker

“Phishing is not a new phenomenon, but when the crime-ware is widely offered as a subscription and to automate phishing campaigns, anyone can use this type of service to carry out a phishing attack with a few clicks,” said Adi Vivid Agustiadi Bachtiar, director of Indonesia’s Cyber Crime Investigation.

Research also showed that the phishing kits could automatically adapt to the language spoken by the victim. To do this, the kit found out the target’s location.

A lot of phishing campaigns target employee e-mail accounts. This is because companies own more money than individuals, making them an attractive target. Through phishing, hackers can obtain login credentials to important business applications and obtain trade secrets or install malware. Often cybercriminals demand money to leave the company network again or to keep company secrets from going public.

Employees appear to have become less resilient to phishing emails in general. Without training, a third of Europeans fall for technology. Training drops the percentages but can never lower it to zero.

Tip: This is what a global phishing campaign looks like