Cybersecurity researchers at CloudSEK have spotted a new and sophisticated phishing toolkit for sale across several cybercrime forums and Telegram channels
Dubbed “NakedPages,” the toolkit, which was developed using NodeJS Framework and runs JavaScript code, is fully automated and comes preloaded with more than 50 phishing templates and site projects.
“Naked Pages is the phishing tool any serious developer//spammer needs with more features than any other reverse proxy combined or PHP phishing framework combined,” reads a post on a cybercrime forum, which was viewed by CloudSEK.
The post also mentions that there is a possibility of providing software licenses upon payment of $1000 and contributing to the development of the open-source project on GitHub, with interested parties being able to contact the actor via a Google Forms page.
According to an advisory by CloudSEK, NakedPages is designed to work on Linux and asks for read, write and execute permissions from the ‘user’ and further requests for read and execute permissions from both ‘group’ and ‘others’ in order to work.
Moreover, the toolkit also reportedly features fully-integrated and battle-based anti-bot functionalities, capable of detecting bots of different types from over 120 countries.
“[NakedPages] would equip malicious actors with the details required to launch sophisticated ransomware attacks.”
In terms of the threat actor behind the new phishing toolkit, CloudSEK said it is a new user on GitHub and the cybercrime forum, with both accounts being less than a month old.
“There have been no concrete samples shared by the threat actor. Repeated attempts for establishing contact were made by our source, but the threat actor hasn’t responded,” CloudSEK wrote.
The researchers also warned individuals who may be affected by NakedPages to monitor for anomalies in user accounts and systems that could be indicators of possible account takeovers and implement multi-factor authentication (MFA) practices across all accounts.