Phishing Kits: the new frontier of hacker attacks

The number of attacks continues to grow, hackers continue to acquire new skills, and scams keep diversifying, creating a situation that gives both experts and non-experts pause. The exponential growth of online fraud is mainly due to the emergence of fraudulent scams, and it is necessary to analyze and study them appropriately to understand what we are facing. Compared to the most common forms of fraud, phishing is much more dangerous since it is more democratized and accessible. The latest quarterly report of the Anti-Phishing Working Group (APWG) reported that over 611,000 phishing attacks were detected in January-March 2021 alone, marking a record for the month of January, which recorded around 245,711 attacks[1].

Ready-to-deploy phishing kits

In the past, designing and implementing a successful phishing campaign required deep technical skills across every phase of the lifecycle. Phishing pages typically had to be a perfect copy of the spoofed or targeted page, appropriately modified to send the collected sensitive data to the phisher. This plethora of required skills ultimately limited the number of people who could engage in this now skyrocketing attack vector. Would-be phishers have since found a way to close this gap: a new phenomenon was born and quickly became a trend, the phishing kit. A kit is a collection of files that the author, or rather the hacker, installs on a fake page imitating, for example, a bank website or Facebook, and it already contains the code to collect users' credentials. The attack is therefore not designed from scratch: scammers copy and paste pieces of code from other kits, adapting them to their needs. These kits are sold to phishers, who install them on the site they want to attack. This new fraudulent system is very dangerous, on the one hand because it allows less experienced fraudsters to buy complex code from a cyber criminal, and on the other hand because both parties receive the victim's data at the time of the attack. In other words, phishing kits are ready-to-deploy packages that require the bare minimum of effort to use.

Therefore, there are very few original kits. The kit is a great source of data, as it provides information on the techniques used in phishing attacks, and phishing kit analysis can therefore also lead to the identification of criminals. However, kits are not recognizable by the user: the more attentive users may recognize the phishing page itself, but identifying the kit hidden behind the page requires special tools.
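Because kits are largely copied from one another, an analyst can group recovered kits into families by source-code similarity. The sketch below is an added example, not code from the article or from the study it cites; the kit contents are constructed stand-ins with hypothetical function names, and the 4-token shingle size and 0.7 threshold are assumptions.

```python
import re
from itertools import combinations

def shingles(source, k=4):
    """k-token windows of the code, with string literals and comments normalised."""
    source = re.sub(r"'[^']*'|\"[^\"]*\"", "STR", source)  # brand names, addresses
    source = re.sub(r"//[^\n]*|/\*.*?\*/", " ", source, flags=re.S)
    tokens = re.findall(r"[A-Za-z_]\w*|\S", source)
    return {tuple(tokens[i:i + k]) for i in range(max(len(tokens) - k + 1, 1))}

def similarity(a, b):
    """Jaccard similarity of two kits' shingle sets (1.0 = same normalised code)."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb)

def families(kits, threshold=0.7):
    """Group kits whose pairwise similarity reaches the threshold (single linkage)."""
    parent = {name: name for name in kits}
    def find(n):
        while parent[n] != n:
            n = parent[n]
        return n
    for x, y in combinations(kits, 2):
        if similarity(kits[x], kits[y]) >= threshold:
            parent[find(x)] = find(y)
    groups = {}
    for name in kits:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values())

# Constructed stand-ins for kit source files; function names are hypothetical.
KITS = {
    "kit_a": "<?php $brand = 'ExampleBank'; // v1\n"
             "render_form($brand); log_visit($brand); notify($brand, 'a@example.test');",
    "kit_b": "<?php $brand = 'ExampleShop'; /* edited copy */\n"
             "render_form($brand); log_visit($brand); notify($brand, 'b@example.test'); track();",
    "kit_c": "<?php foreach ($pages as $p) { echo template($p); } exit;",
}

if __name__ == "__main__":
    print(families(KITS))
```

Normalising string literals before comparison is what keeps a rebranded copy in the same family as the kit it was copied from.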

Democratized Cyber Crime

The most concerning aspect of these scams is the democratization of the attack: besides reducing the complexity of developing an attack, kits put it within the reach of anyone, even the inexperienced criminal. In fact, these kits are also "democratizing" or leveling the playing field among cyber criminals and other malicious actors. The rise of this phenomenon around the world has all but removed this barrier to entry, making it a fairly simple and turnkey process to engage in the criminal act of phishing. With a lower threshold now in place, the increase in bad actors launching phishing attacks is likely responsible for the exploding number of attacks worldwide that have been reported by the Anti-Phishing Working Group (APWG). Not surprisingly, phishing also represents the costliest type of data breach according to a study conducted by the Ponemon Institute for IBM Security. It would be necessary to focus on phishing page generator kits to nip fraud attempts and identity theft in the bud: to this end, new policies could be introduced to allow automatic control of uploaded content.


The democratization of attacks also involves the much-discussed ChatGPT: just like phishing kits, ChatGPT makes hacker attacks easier to implement. Thanks to a specific prompt, it is in fact possible for even an individual without advanced skills to carry out a hacker attack. The new AI tool has already attracted many cyber criminals, who first of all have made almost identical copies of the site or app. Once these copies are downloaded from official stores and installed on a phone, they can then be used to spread malicious content. There is also another, more serious problem: through specific and artfully built queries, ChatGPT is the perfect tool that, in the hands of an attacker, helps create what the cyber world calls spear phishing attacks.

Raise Awareness

Unfortunately, users cannot independently identify attacks, let alone phishing ones: in this sense, the only solution is to raise awareness of the possibility of these attacks, which leverage implicit trust. In fact, in most cases the victim is familiar with the platform and accesses it regularly: this is the case, for example, with social networks, Netflix or payment services such as PayPal. People are used to receiving emails from these platforms, and they do not notice that the domain from which these emails are received is slightly different from the official one.
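A mail filter can make the comparison that users miss. The check below is an added example, not part of the original article: it flags sender domains that differ only slightly from an allow-list of official domains. The allow-list uses placeholder `.example` domains, the confusable-character map is a small illustrative subset, and the edit-distance threshold of 2 is an assumption.

```python
from email.utils import parseaddr

# Assumption: allow-list of the organisation's real sending domains (placeholders).
OFFICIAL = ("payments.example", "streaming.example")
# Small illustrative confusable map, not a full Unicode confusables table.
PAIRS = (("rn", "m"), ("vv", "w"))
CHARS = str.maketrans({"0": "o", "1": "l", "\u0430": "a", "\u0435": "e", "\u043e": "o"})

def sender_domain(from_header):
    """Domain part of the address in a From header, lower-cased."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")

def skeleton(domain):
    """Fold visually confusable characters so look-alikes collapse to one form."""
    folded = domain.translate(CHARS)
    for seq, repl in PAIRS:
        folded = folded.replace(seq, repl)
    return folded

def edit_distance(a, b):
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, max_dist=2):
    """Return (verdict, official_domain) for a sender domain."""
    for good in OFFICIAL:
        if domain == good or domain.endswith("." + good):
            return "official", good
    for good in OFFICIAL:
        # Compare only the registrable tail, so a look-alike behind a subdomain is caught.
        tail = ".".join(domain.split(".")[-(good.count(".") + 1):])
        if skeleton(tail) == skeleton(good) or edit_distance(tail, good) <= max_dist:
            return "lookalike", good
    return "unrelated", None

if __name__ == "__main__":
    # Constructed From headers for illustration.
    for hdr in ('"Billing" <no-reply@mail.payments.example>',
                "Support <help@payrnents.example>",
                "Account <info@login.strearning.example>",
                "News <hello@newsletter.example>"):
        print(hdr, "->", classify(sender_domain(hdr)))
```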

This also applies in the corporate environment, especially because personal devices are increasingly used. In companies, protecting against ever-evolving phishing attacks requires a robust IT security training program for business users and the support of new technologies such as artificial intelligence: only the latter can in fact make it possible to identify data breaches, misuse of credentials for fraudulent purposes, and compromised files on the dark web. It should become a requirement to set up a cyber-competent person or team who can identify these illegal.


[1]  Taken from Phishing Kits Source Code Similarity Distribution: A Case Study

Chief Marketing Officer at 

A graduate in Management from the University of Cagliari and the Universidad Complutense de Madrid, Lorenzo Asuni has over 10 years of experience in the startup and scaleup field as Marketing & Sales Director. In the past he launched AirHelp, a YCombinator startup included among the top 100 global startups in 2016, and Lunii, a French scaleup, and led the growth of the Italian Enuan. He has international experience between the USA and Europe, specializing in Growth Hacking and Digital Marketing. He has also recently launched two projects in the field of sport marketing and health-tech: respectively Teda and Healthy Virtuoso, a rapidly expanding reality in recent years.

In February 2022 he joined the Ermes team as Chief Marketing Officer, leading the company's initiatives aimed at disseminating knowledge and awareness of its innovative security system. He will promote the large-scale expansion of corporate marketing to respond to the direction of international growth recently undertaken by the company.
