A new phishing kit called Impact Solutions offer cybercriminals a simplified “point-and-click” tool to launch convincing social-engineering attacks and spread malware, Abnormal AI reported Thursday.The kit offers numerous features and templates for a variety of malware delivery methods including crafting of LNK, SVG and HTML attachments as well as evasive measures including file type masking, User Account Control (UAC) bypass techniques and anti-sandbox checks.For example, the LNK shortcut builder offers a simple point-and-click interface to disguise a LNK as other file types such as PDFs, MP4s or images.This allows a low-skilled attacker to simply select a spoofed file icon to disguise the file with, provide a file name, description and remote URL and then click “Build” to download the masked shortcut they can then send as an attachment.Impact Solutions can also be used to build Scalable Vector Graphics (SVG) with embedded malicious scripts and self-contained HTML files that appear to the user like normal web pages.The tool’s HTML templates include fake log in pages and “secure invoice viewers” that provide instructions for users to bypass certain security measures to unknowingly launch malicious files disguised as invoice documents.There is also a ClickFix module that builds an HTML page that displays a fake Cloudflare CAPTCHA along with a classic ClickFix prompt instructing the victim to copy and paste Base64-encoded PowerShell commands into their Windows terminal.In addition to building malicious attachments with embedded malware, users can also create attachments that retrieve files from remote servers for more flexible attacks.Impact Solutions’ builder lowers the barrier for low-skilled attackers to launch relatively advanced social engineering campaigns with little-to-no coding skills or technical expertise.Combined with commodity malware, toolkits like Impact Solutions can enable even amateur hackers to launch damaging cyberattacks against individuals and businesses.Advertised on cybercriminal forums since at least early September 2025, Impact Solutions aligns with ongoing trends such as the increasing use of commercialized cybercrime tools (PhaaS, MaaS), use of uncommon attachments like SVGs and utilization of the ClickFix social engineering method.Abnormal AI recommends the use of behavior-based detection tools, especially AI-powered tools, to help detect advanced social engineering attempts.
Phishing, Email security, Malware, Threat Intelligence
New ‘point-and-click’ phishing kit simplifies malicious attachment creation
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds