BTC $66491.5139
ETH $3184.3983
BNB $601.6419
SOL $155.6108
stETH $3185.1637
XRP $0.5495
DOGE $0.1586
TON $5.8776
ADA $0.5099
AVAX $38.8942
wstETH $3708.0998
WBTC $66518.7062
DOT $7.3764
WETH $3184.7962
TRX $0.1114
BCH $512.3077
LINK $15.4337
MATIC $0.7334
UNI $8.1252
ICP $14.9003
LTC $84.7276
DAI $0.9990
CAKE $2.9972
RNDR $9.1863
IMX $2.3935
STX $3.0458
NEAR $6.9983
ETC $28.0765
FDUSD $1.0009
MNT $1.2093
FIL $6.5339
TAO $511.7762
OKB $54.7486
HBAR $0.0893
VET $0.0421
KAS $0.1250
ATOM $8.8532
GRT $0.3029
PEPE $0.0000
WIF $2.8536
FET $2.4350
MKR $2854.7795
INJ $28.3839
THETA $2.3975
USDE $0.9992
XLM $0.1167
CORE $2.5851
BTC $66491.5139
ETH $3184.3983
BNB $601.6419
SOL $155.6108
stETH $3185.1637
XRP $0.5495
DOGE $0.1586
TON $5.8776
ADA $0.5099
AVAX $38.8942
wstETH $3708.0998
WBTC $66518.7062
DOT $7.3764
WETH $3184.7962
TRX $0.1114
BCH $512.3077
LINK $15.4337
MATIC $0.7334
UNI $8.1252
ICP $14.9003
LTC $84.7276
DAI $0.9990
CAKE $2.9972
RNDR $9.1863
IMX $2.3935
STX $3.0458
NEAR $6.9983
ETC $28.0765
FDUSD $1.0009
MNT $1.2093
FIL $6.5339
TAO $511.7762
OKB $54.7486
HBAR $0.0893
VET $0.0421
KAS $0.1250
ATOM $8.8532
GRT $0.3029
PEPE $0.0000
WIF $2.8536
FET $2.4350
MKR $2854.7795
INJ $28.3839
THETA $2.3975
USDE $0.9992
XLM $0.1167
CORE $2.5851
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Phishing service Robin Banks returns for new attacks on banking systems


    Robin Banks' PhaaS service (Phishing-as-a-Service) is once again working with the infrastructure of a Russian company that offers protection against DDoS attacks.

    The PhaaS platform was discovered in July 2022 by researchers from IronNet. The Robin Banks service targets many major banks, including Citibank, Bank of America, Capital One, Lloyds Bank, and more.

    After the discovery of Robin Banks by IronNet experts, the information security company Cloudflare blacklisted the interface and backend of the platform, abruptly stopping the ongoing phishing campaigns of cybercriminals.

    A new IronNet report warns of the return of Robin Banks and highlights the measures its operators have taken to better hide and protect the platform from researchers. New features include Multi-Factor Authentication (MFA) bypass and a redirector to help avoid detection.

    To restore their work, Robin Banks operators turned to the Russian Internet service provider DDoS-Guard. The company's clients included the Hamas website, the HKLeaks website, and the American forum Kiwi Farms.

    To prevent unauthorized users from accessing the phishing panel, Robin Banks has now added two-factor authentication for customer accounts. In addition, all discussions between the main administrators are now conducted through a closed Telegram channel.

    One of the platform's new features is the use of a third-party cloaker, bot filter, and ad tracker. Service operators use this tool to avoid detection by redirecting valid targets to phishing sites and scanners and unwanted traffic to safe websites.

    The developers of Robin Banks have also implemented a reverse proxy for AiTM attacks (Adversary-in-The-Middle) and stealing cookies containing authentication tokens. This helps scammers bypass the MFA mechanism as they can use the captured cookies to log into the account as if they were the owner of the account.

    Robin Banks separately sells the new MFA Bypass feature and says it works with Google, Yahoo and Outlook phishlets.

    The work of Robin Banks is based only on easily accessible tools and services, so PhaaS platforms can be created by any user, even without the relevant experience.

    Author DeepWeb
    Uber Eats will start doing courier deliveries for canna shops in Toronto
    LockBit stole the data of a leading consulting company

    Comments 0

    Add comment