Law enforcement officials in Ukraine, in coordination with
authorities from the U.S. and Australia, last week shut down one of
the world’s largest phishing services that were used to attack
financial institutions in 11 countries, causing tens of millions of
dollars in losses.
The Ukrainian attorney general’s office said[1]
it worked with the National Police and its Main Investigation
Department to identify a 39-year-old man from the Ternopil region
who developed a phishing package and a special administrative panel
for the service, which were then aimed at several banks located in
Australia, Spain, the U.S., Italy, Chile, the Netherlands, Mexico,
France, Switzerland, Germany, and the U.K.
Computer equipment, mobile phones, and hard drives were seized
as part of five authorized searches conducted during the course of
the operation.
Security researcher Brian Krebs noted[2]
the raids were in connection with U-Admin[3], a phishing framework
that makes use of fake web pages to pilfer victim credentials more
efficiently.
It is estimated[4]
that over 50% of all phishing attacks in 2019 in Australia were
carried out using the phishing toolkit.
The hacker is believed to have not only sold his products to
customers around the world via an online store in the dark web but
also alleged to have provided technical support during phishing
attacks.
More than 200 active buyers of malicious software have been
identified, Ukrainian officials said.
U-Admin allowed customers to exfiltrate data entered by victims
on compromised websites by injecting malicious code into the
browser. The crimeware platform’s info-stealing capabilities also
extended to capturing two-factor authentication codes.
The hacker, who has been arrested on charges of creating and
distributing malicious software and breaking into computer
networks, faces up to six years of imprisonment if found
guilty.
References
Read more http://feedproxy.google.com/~r/TheHackersNews/~3/hffB8OEgdko/ukrainian-police-arrest-author-of.html