Spiderman phishing kit targets European banks

A new phishing kit, dubbed Spiderman, has been found circulating on the dark web, making it easier to trick customers of major European banks and financial service providers. This is a complete, full-stack phishing kit that allows individuals with no technical skills to launch broad attacks across multiple countries, according to a recent report by HackRead.

The Spiderman kit is a sophisticated, ready-made program that eliminates the need for coding knowledge, enabling attackers to quickly mimic the login pages of dozens of European financial institutions and cryptocurrency platforms. Researchers from Varonis identified it as one of the most dangerous tools analyzed this year due to its scale and reach across five countries. The kit targets banks such as Deutsche Bank, Commerzbank, ING, and CaixaBank, along with crypto wallet providers. Its efficiency lies in consolidating multiple financial brands into a single platform for wide-scale targeting. Attackers can easily select a bank, launch a pixel-perfect clone, and send a pre-made lure. The kit also includes modules for stealing crypto seed phrases. It features real-time data theft, capturing login details, credit card numbers, and one-time security codes, enabling full account takeover and identity theft. Geo-blocking and exclusion filters help it evade detection by security experts and automated scanners.

The Spiderman kit's ability to intercept real-time OTP codes poses a significant vulnerability for banks relying on such security measures. The swift evolution of user-friendly attack tools like Spiderman presents an immediate and serious challenge to digital finance security across Europe, highlighting the need for enhanced, adaptive cybersecurity strategies and potentially stricter regulatory oversight for financial institutions.

Source: HackRead