Thursday, February 22, 2024

Phishing-as-a-Service Strox Lets Hackers Phish any Brand by Submitting its Logo

The ever-evolving world of cybercrime has given birth to a disturbing phenomenon – Phishing-as-a-Service (PhaaS), and one name that sends shivers down the spines of cybersecurity experts is Strox. 

The tale of Strox begins in the first half of 2022 when Fortra, a cybersecurity organization, first detected a surge in fraudulent activities stemming from various PhaaS operations. 

These services serve as a one-stop-shop for cybercriminals, offering everything from advanced phishing kits to hosting services, mail spam scripts, and even a marketplace for selling stolen credentials.

Strox, or Strox[.]su or Strox Pages, is a standout player in the PhaaS landscape. This dangerous platform has operated since June 2021, initially imitating eleven US financial institutions. 

However, Fortra’s investigations revealed a more extensive history, with Strox-linked campaigns dating back to November 2021.

What sets Strox apart is its customization feature. It allows cybercriminals to create phishing campaigns targeting any brand by editing images and text, making it a versatile tool for fraud actors.

Document
FREE Demo

Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

The Phishing Kits

A cornerstone of Strox’s operation is its collection of phishing kits. However, it’s important to note that many of these kits are not original creations by Strox. 

Instead, they modify popular phishing kits to incorporate advanced live phishing features. Spotting Strox indicators in phishing URLs may not confirm that the attack is directly linked to the service.

Currently, Strox offers twelve phishing kits, each priced at $90 USD. Purchasing equipment includes a unique API key, guaranteeing the buyer ongoing development and updates, including content and antibot information. 

Customers can preview demo phishing pages before making their selection. What’s striking is the auto-translation feature, ensuring the phishing content aligns with the victim’s browser language, covering over 230 languages.

Real-time Phishing Operations

One of the key features of Strox’s offering is the real-time admin panel that allows threat actors to control and monitor their attacks. 

This live panel provides insights into how many people view the phishing content and their actions. 

It’s also employed in man-in-the-middle attacks to obtain two-factor authentication codes and bypass additional security checks.

Notably, when threat actors are unavailable to monitor the attacks, they can set them to a dormant state to avoid detection during unproductive times. 

Strox also handles the exfiltration of stolen credentials through a centralized Telegram bot, ensuring encrypted communication and providing a marketplace for selling these ill-gotten credentials.

Automated log ad listing generated on a threat actor’s Telegram.
Automated log ad listing generated on a threat actor’s Telegram.

Strox stands out by offering to set up hosting infrastructure for its users, a service that most other PhaaS platforms do not provide. 

They offer bulletproof hosting of a cPanel installation for $3 a day, with features like a 30-day “No ‘Red Flag’ Guarantee,” unlimited bandwidth, DDoS protection, and HTTPS SSL Certification. 

However, Strox remains hands-off regarding domain registration, requiring users to register their domains to avoid detection from anti-phishing processes.

The choice of a “bulletproof” host has evolved over time. Initially, Strox used VPS installations on Digital Ocean servers. 

By the fourth quarter of 2022, they had shifted to Ponytech, FranTech Solutions, and Russian provider Dolgova Alena Andreevna.

In 2023, some Strox servers have been discovered behind CloudFlare’s DDoS protection services, while others continue to use hosting providers from 2022.

Phishing Made Easy with Strox

Strox aspires to be a one-stop shop for phishing threat actors. 

They offer various materials to facilitate phishing campaigns, including phishing email lures, target email lists, and PHP mailing scripts ready to be installed on Strox cPanel setups. 

They even provide more advanced SMS phishing services, allowing smishing lures to be sent to victims in the United States and Canada across all carriers.

What’s alarming is the pattern of increased Strox-linked phishing campaigns during the second quarter of each year. 

Strox has celebrated its anniversaries in both June 2022 and 2023 with sales events. 

Fortra has noticed heightened campaign activity in the months preceding and following these anniversaries, indicating a potential relationship between the sales and cyberattacks.

Strox group announcing their 2nd-anniversary promotion
Strox group announcing their 2nd-anniversary promotion

The rise of Strox illustrates the audacity and adaptability of cybercriminals. While cybersecurity experts continue their battle against these threats, Strox and PhaaS operations like it remain a daunting challenge, serving as a stark reminder of the ongoing struggle to secure the digital world.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.

Website

Latest articles

Beware of New AsukaStealer Steal Browser Passwords & Desktop Screens

An updated version of the ObserverStealer known as AsukaStealer was observed to be advertised as...

US to Pay $15M for Info About Lockbit Ransomware Operator Data

In a significant move against cybercrime, the U.S. government has announced a bounty of...

Earth Preta Hackers Abuses Google Drive to Deploy DOPLUGS Malware

Threat actors abuse Google Drive for several malicious activities due to its widespread use,...

Swiggy Account Hacked, Hackers Placed Orders Worth Rs 97,000

In a startling incident underscoring the growing menace of cybercrime, a woman's Swiggy account...

Beware of VietCredCare Malware that Steals businesses’ Facebook Accounts

A new cybersecurity threat targeting Facebook advertisers in Vietnam, known as VietCredCare, has emerged....

Google Chrome 122 Update Addresses Critical Security Vulnerabilities

Google has recently unveiled Chrome 122, a significant milestone for the widely used web...

New Malicious PyPI Packages Use DLL Sideloading In A Supply Chain Attack

Researchers have discovered that threat actors have been using open-source platforms and codes for...

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles