Newly emergent phishing kits BlackForce, GhostFrame, InboxPrime AI, and a Salty-Tycoon hybrid could allow extensive credential exfiltration activities, according to The Hacker News.Multiple brands, including UPS, DHL, Disney, and Netflix, have been spoofed by the actively developed BlackForce kit, which conducts man-in-the-browser intrusions to obtain one-time passwords while evading multi-factor authentication, a report from Zscaler ThreatLabz showed.On the other hand, GhostFrame, which is underpinned by a simple HTML file that conceals illicit behavior in an iframe, was reported by Barracuda researchers to redirect to phishing sites pilfering Google or Microsoft 365 credentials, while leveraging anti-analysis and anti-debugging tools.Meanwhile, AI has been tapped by the InboxPrime AI phishing kit to automate email attacks that not only copy human behavior but also bypass email filters, reported Abnormal Security researchers. ANY.RUN researchers also shed light on the novel Salty-Tycoon hybrid kit, which poses an attribution challenge.Such findings come as Varonis researchers disclosed the new Spiderman phishing kit, which has been leveraged to target customers of major European banks and financial service providers.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds