-
The Spiderman phishing tool has been circulating on the darknet, enabling threat actors with no coding experience to deploy advanced full-scale hacks.
-
The tool goes for financial institutions in Europe, which include prominent banks such as ING and Deutsche, by creating picture-perfect geographically aimed signs in duplicates.
-
The tool’s capability for instantaneous interception of oneOTPs allows threat actors to completely take over the accounts.
The “Spiderman” phishing kit is a new cybercrime tool being sold on the dark web. Cybersecurity researchers have uncovered this new piece of malware, which allows even individuals with no technical training or skills to use it.
The kit creates an unprecedented means for criminals to carry out attacks efficiently against financial institutions located throughout Europe. This type of malware indicates a significant increase in the professionalization of Cybercrime.
This is because it allows cybercriminals with little or no experience to perform far-reaching, well-organized operations against banks and other financial institutions in several different European countries.
The Evolution of Cybercrime: Sophistication Without Skill
The biggest threat with the Spiderman toolkit is how readily available and all-encompassing the kit is. Marketed as a comprehensive, “full-stack” phishing kit, it does not require any programming skills. This trend of commoditizing cybercrime is a key driver behind the dark web’s explosive growth as a service-based criminal economy.
In the past, people needed to have substantial technical skills as well as a great deal of resources to be able to execute dispersed phishing attacks mimicking several legitimate high-security login sites. Spiderman changes all that.
With an easy-to-acquire Spiderman, a cybercriminal can easily buy or use the tool in order to launch a well-designed operation with the mammoth monetary rewards associated with such efforts. These stolen credentials—particularly those from major corporate and financial institutions form the core stock of dark web marketplaces, where they are bought and sold in bulk to facilitate further fraud, data breaches, and network intrusions.
Analysts from research firms such as Varonis believe that the Spiderman kit is classified as one of the greatest threats and the most troubling tools examined in recent years.
Cybersecurity experts believe this is so because of the amount of data it contains and the large geographical area involved. Researchers have discovered that the Spiderman kit targets banks and financial services in at least five European countries, illustrating the dangerous conformity of these targets.
Threat intelligence analysts specifically identified Deutsche Bank, Commerzbank, ING, CaixaBank, and multiple cryptocurrency wallets, extending their focus to additional non-fiat banking entities.
The kit achieves efficiency by allowing users to create multiple financial brands within a single system. The criminal selects a specific financial institution they wish to target, and the software will then create an exact duplicate of the institution’s login page.
The user can also download pre-made templates for email lures and SMS lures, which enables the criminals to conduct large-scale and misleading campaigns aimed at collecting user credentials.
The technology behind the kit is capable of capturing all of the information needed to fully take over an account: login ID, password, credit card number, and most importantly, real-time security codes. The sheer volume of stolen financial data generated by such tools is staggering, with dark web markets often found listing thousands of compromised cards and account details for sale in single batches.
Live Theft and Regulatory Restrictions
The most dangerous piece of technology included in the Spiderman kit is its ability to capture the OTP codes transmitted to the user’s mobile device in real-time.
Many banks across Europe utilize OTP codes as a key piece of authentication when users conduct a transaction or log in to their banking account, using mobile applications or SMS. These institutions use OTP codes to prevent this credential harvesting.
The Spiderman kit captures the user’s username and password and then provides the user with a prompt requesting a one-time passcode. The kit then captures this passcode and utilizes it shortly after to accomplish the fraudulent login. It is worth noting that the malware does this before the legitimate user has an opportunity to respond to the prompt or the passcode becomes invalid.
