Home Malware Programs Malware 16Shop

16Shop

Posted: January 22, 2020

The number of PayPal phishing pages found online has been increasing recently, and one of the main contributors to this worrying statistic is the 16Shop phishing kit – a service that is being advertised on online hacking forums and enables any cybercriminals to gain access to a user-friendly and easy-to-utilize phishing page creation. The 16Shop phishing gang has been around for several years, but so far, they supported phishing pages for other popular services like Amazon, Apple and American Express – this is their first attempt at targeting the most popular online payment service.

16Shop Phishing Kit Adds Support for PayPal

According to cybersecurity researchers, the 16Shop phishing kit can be used to craft fake PayPal login pages in English, Thai, Spanish, German and Japanese. One surprising thing about the 16Shop phishing kit is that its customers do not need to possess a Web hosting service to deploy the phishing page they have crafted – all of the content is hosted on servers operated by the 16Shop gang members. According to forum posts advertising the paid 16Shop phishing kit, the cybercriminals who opt to try it out will gain access to an easy-to-use online administrator panel, as well as live chat support and assistance with any issues they may have. Overall, 16Shop's latest update has enhanced the user experience, and this is likely to be one of the main reasons why this phishing kit has been used so often recently.

The PayPal phishing pages that the 16Shop kit creates are able to exfiltrate more than just the login credentials of the victim – it also attempts to collect geolocation, credit card information, email address and even the victim's phone number. The details are obtained by displaying fake confirmation prompts that are designed to look like legitimate PayPal alerts. The collected data is then extracted to an email inbox operated by the attacker.

It is not uncommon for cybercriminals to offer their products as rentable services to generate extra revenue – the 16Shop phishing kit is one of the most popular on the market at the moment, especially because of its brand-new PayPal module. We advise you to be extra wary for suspicious emails from PayPal, as well as make sure that you only enter your login credentials in trustworthy and verified websites.

Loading...