Friday, October 4, 2024
HomeCyber Security NewsPhishing-as-a-Service Strox Lets Hackers Phish any Brand by Submitting its Logo

Phishing-as-a-Service Strox Lets Hackers Phish any Brand by Submitting its Logo

Published on

The ever-evolving world of cybercrime has given birth to a disturbing phenomenon – Phishing-as-a-Service (PhaaS), and one name that sends shivers down the spines of cybersecurity experts is Strox. 

The tale of Strox begins in the first half of 2022 when Fortra, a cybersecurity organization, first detected a surge in fraudulent activities stemming from various PhaaS operations. 

These services serve as a one-stop-shop for cybercriminals, offering everything from advanced phishing kits to hosting services, mail spam scripts, and even a marketplace for selling stolen credentials.

- Advertisement - EHA

Strox, or Strox[.]su or Strox Pages, is a standout player in the PhaaS landscape. This dangerous platform has operated since June 2021, initially imitating eleven US financial institutions. 

However, Fortra’s investigations revealed a more extensive history, with Strox-linked campaigns dating back to November 2021.

What sets Strox apart is its customization feature. It allows cybercriminals to create phishing campaigns targeting any brand by editing images and text, making it a versatile tool for fraud actors.

Document
FREE Demo

Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

The Phishing Kits

A cornerstone of Strox’s operation is its collection of phishing kits. However, it’s important to note that many of these kits are not original creations by Strox. 

Instead, they modify popular phishing kits to incorporate advanced live phishing features. Spotting Strox indicators in phishing URLs may not confirm that the attack is directly linked to the service.

Currently, Strox offers twelve phishing kits, each priced at $90 USD. Purchasing equipment includes a unique API key, guaranteeing the buyer ongoing development and updates, including content and antibot information. 

Customers can preview demo phishing pages before making their selection. What’s striking is the auto-translation feature, ensuring the phishing content aligns with the victim’s browser language, covering over 230 languages.

Real-time Phishing Operations

One of the key features of Strox’s offering is the real-time admin panel that allows threat actors to control and monitor their attacks. 

This live panel provides insights into how many people view the phishing content and their actions. 

It’s also employed in man-in-the-middle attacks to obtain two-factor authentication codes and bypass additional security checks.

Notably, when threat actors are unavailable to monitor the attacks, they can set them to a dormant state to avoid detection during unproductive times. 

Strox also handles the exfiltration of stolen credentials through a centralized Telegram bot, ensuring encrypted communication and providing a marketplace for selling these ill-gotten credentials.

Automated log ad listing generated on a threat actor’s Telegram.
Automated log ad listing generated on a threat actor’s Telegram.

Strox stands out by offering to set up hosting infrastructure for its users, a service that most other PhaaS platforms do not provide. 

They offer bulletproof hosting of a cPanel installation for $3 a day, with features like a 30-day “No ‘Red Flag’ Guarantee,” unlimited bandwidth, DDoS protection, and HTTPS SSL Certification. 

However, Strox remains hands-off regarding domain registration, requiring users to register their domains to avoid detection from anti-phishing processes.

The choice of a “bulletproof” host has evolved over time. Initially, Strox used VPS installations on Digital Ocean servers. 

By the fourth quarter of 2022, they had shifted to Ponytech, FranTech Solutions, and Russian provider Dolgova Alena Andreevna.

In 2023, some Strox servers have been discovered behind CloudFlare’s DDoS protection services, while others continue to use hosting providers from 2022.

Phishing Made Easy with Strox

Strox aspires to be a one-stop shop for phishing threat actors. 

They offer various materials to facilitate phishing campaigns, including phishing email lures, target email lists, and PHP mailing scripts ready to be installed on Strox cPanel setups. 

They even provide more advanced SMS phishing services, allowing smishing lures to be sent to victims in the United States and Canada across all carriers.

What’s alarming is the pattern of increased Strox-linked phishing campaigns during the second quarter of each year. 

Strox has celebrated its anniversaries in both June 2022 and 2023 with sales events. 

Fortra has noticed heightened campaign activity in the months preceding and following these anniversaries, indicating a potential relationship between the sales and cyberattacks.

Strox group announcing their 2nd-anniversary promotion
Strox group announcing their 2nd-anniversary promotion

The rise of Strox illustrates the audacity and adaptability of cybercriminals. While cybersecurity experts continue their battle against these threats, Strox and PhaaS operations like it remain a daunting challenge, serving as a stark reminder of the ongoing struggle to secure the digital world.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.

Latest articles

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...