LogoKit – The most advanced phishing toolkit you cannot ignore

Ramya Erramilli February 4, 2021 Uncategorized

Amongst the many known cyber-attacks, phishing takes the throne. Users, including experienced ones, can fall prey to it. Over the years, phishing has become a very cost-effective, low-skill and straightforward way for cyber criminals to harvest credentials from across the globe. Phishing attacks keep getting more effective as attackers find new ways to deceive users. LogoKit is an advanced kit in this series which you cannot ignore.

What is LogoKit?

LogoKit is a framework that generates dynamic login pages in real time. These pages look nearly identical to the legitimate authentication widget of the targeted application, which gives them a better chance of deceiving users into providing their credentials.

This novel tool was discovered by RiskIQ, a threat intelligence firm, which has been following the kit since its evolution. According to stats shared by RiskIQ, LogoKit has been installed on 300+ domains over the past week and 700+ sites over the past month.

How is LogoKit used in phishing?

LogoKit is used to send phishing links to the user's email address.

"Once a victim navigates to the URL, LogoKit fetches the company logo from a third-party service, such as Clearbit or Google's favicon database," RiskIQ security researcher Adam Castleman said in a report on Wednesday.

Source: RiskIQ

After the user enters their password, LogoKit makes a dynamic AJAX request that sends the credentials to an external source, after which the user is redirected to a legitimate website.

"The victim email is also auto-filled into the email or username field, tricking victims into feeling like they have previously logged into the site," he added.
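The sequence described above (a logo fetched from Clearbit or Google's favicon service, then credentials sent to an external source) leaves a trace that can be hunted in web proxy logs. The following Python is an added example, not code from RiskIQ's report or from this blog; the log record layout, the `.example` hostnames and the function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed proxy records (not real traffic): (client, method, url, referer)
SAMPLE_LOG = [
    ("10.0.0.5", "GET", "https://files.hosting.example/login.html", ""),
    ("10.0.0.5", "GET", "https://logo.clearbit.com/contoso.example",
     "https://files.hosting.example/login.html"),
    ("10.0.0.5", "POST", "https://collector.example/save",
     "https://files.hosting.example/login.html"),
    ("10.0.0.9", "GET", "https://www.google.com/s2/favicons?domain=news.example",
     "https://news.example/"),
    ("10.0.0.9", "POST", "https://news.example/comment", "https://news.example/"),
]

def logo_lookup_domain(url):
    """Return the brand domain requested from a logo service, or None."""
    u = urlsplit(url)
    if u.hostname == "logo.clearbit.com":
        return u.path.strip("/").lower() or None
    if u.hostname == "www.google.com" and u.path == "/s2/favicons":
        values = parse_qs(u.query).get("domain")
        return values[0].lower() if values else None
    return None

def same_site(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def find_suspects(records):
    """Flag pages that load another brand's logo and then POST off-brand."""
    logo_seen = {}  # (client, page_host) -> brand whose logo the page fetched
    hits = []
    for client, method, url, referer in records:
        page_host = urlsplit(referer).hostname
        if not page_host:
            continue  # no referer, cannot attribute the request to a page
        brand = logo_lookup_domain(url)
        if brand:
            if not same_site(page_host, brand):
                logo_seen[(client, page_host)] = brand
            continue
        brand = logo_seen.get((client, page_host))
        dest = urlsplit(url).hostname or ""
        if method == "POST" and brand and not same_site(dest, brand):
            hits.append((client, page_host, brand, dest))
    return hits

if __name__ == "__main__":
    for hit in find_suspects(SAMPLE_LOG):
        print("suspect credential post:", hit)
```

Legitimate applications also display other companies' logos, so treat a hit as a triage signal to review alongside the page content, not as a verdict.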

How is LogoKit different from standard phishing?

A standard phishing kit requires generating a convincing login page for each and every target organisation or application whose credentials are to be harvested. This approach is time consuming and costly, and the pages need changes whenever the target's webpages or design change.

Credits: katemangostar

LogoKit has innovatively solved this. It uses a set of embeddable JavaScript functions to impersonate the company's webpage in real time, making it difficult for the user to tell the difference.

RiskIQ also stated that over the past month, LogoKit was used to imitate services like Office 365, Adobe Document Cloud, and many cryptocurrency websites.

Also, being small in size, LogoKit is hosted on several of the most trusted platforms, like Firebase, Oracle Cloud and GitHub, which in turn are extensively used in corporate environments.

How does PureID Help?

We, at PureID, are helping enterprises become passwordless and protect their users from cyberattacks involving credentials. Our passwordless approach makes phishing attacks targeting user credentials irrelevant.

References:

https://www.riskiq.com/blog/external-threat-management/logokit-phishing/

https://www.zdnet.com/article/new-cybercrime-tool-can-build-phishing-pages-in-real-time/

https://itigic.com/logokit-tool-that-creates-phishing-attacks-in-real-time/

katemangostar - www.freepik.com
