Logokit – The most advanced phishing tool kit; You cannot ignore

Ramya Erramilli

February 4, 2021

Logokit – The most advanced phishing tool kit You cannot ignore

Amongst the many known cyber-attacks, Phishing takes the throne. Users, including the experienced ones, can fall prey to phishing. Phishing has become a very cost effective, low skill & straightforward way for cyber criminals over the years now to harvest credentials from across the globe. The effectiveness of phishing attacks is getting better and better with time with innovations in deceiving users. LogoKit is an advanced kit in this series which you cannot ignore.

What is LogoKit?

Logokit is a framework that generates dynamic login pages, in real time which look nearly identical to legitimate authentication widget of the subject application and has a better chance of deceiving the users to provide their credentials.

This novel tool was discovered by RiskIQ, a threat intelligence firm, which has been following the kit since its evolution. Stats shared by RiskIQ mention that Logokit is already installed on 300+ domains over the past week and 700+ sites over the past month.

How is Logokit used in phishing?

Logokit is used for sending phishing links to the user’s email address.

"Once a victim navigates to the URL, LogoKit fetches the company logo from a third-party service, such as Clearbit or Google's favicon database," RiskIQ security researcher Adam Castleman said in a report on Wednesday.

After the user enters his password, Logokit makes a dynamic AJAX request and sends these credentials to an external source after which the user is redirected to a legitimate website.

"The victim email is also auto-filled into the email or username field, tricking victims into feeling like they have previously logged into the site," he added.

How is Logokit different from standard phishing?

Standard phishing tool involves generating a foolproof login page for each and every target organisation or application for which the victim's credentials need to be harvested. The approach being time consuming, costly and needs changes when there is a change in the webpages or design of the target.

Logokit has innovatively solved this. A set of JavaScript embeddable functions are used by Logokit to impersonate the company’s webpage in real time, making it difficult for the user to differentiate.

RiskIQ also stated that over the past month, Logokit was used to imitate services like Office 365, Adobe Document Cloud, and many cryptocurrency’s websites.

Also, being small in size, Logokit is hosted on several different most trusted platforms like Firebase, Oracle cloud, Github which in turn are extensively used in corporate environments.

How does PureID Help?

We, at PureID, are helping enterprises become passwordless and protect its users from cyberattacks involving credentials. Our passwordless approach makes phishing attacks targeting the user credentials irrelevant.