A new report from Trustwave cybersecurity researchers SpiderLabs has claimed hackers are increasingly turning to the Greatness phishing kit due to its advanced features, simplicity in use, and relatively low cost.
Greatness was developed by a threat actor going by the alias “fisherstell” and has been available since mid-2022, primarily targeting Microsoft 365 office software users.
Other hackers can rent the tool to get everything they need to launch a successful phishing campaign – from email generation, to anti-detection measures, to an active community happy to help.
Bypassing MFA
To purchase a license, hackers would need to go to the tool’s Telegram channel and pay $120 a month, in Bitcoin. After that, they get customizable email elements where they can tweak sender names, email addresses, subjects, messages, attachments, and QR codes. They can also use features such as randomizing headers, encoding, and other obfuscation techniques aimed at bypassing email security filters and making it into the victims’ inboxes.
While all of the features probably sound enticing, it’s the price that makes all the difference, Trustwave hints. “This signifies the widening availability for anyone to launch phishing campaigns with a minimal charge of $120 per month in Bitcoin, lowering the barrier of entry for cybercrime,” the company said.
The kit is designed to target Microsoft 365 accounts credentials. It can even bypass multi-factor authentication (MFA) solutions, by asking victims for the codes sent to their phones and email addresses. Finally, the usernames and passwords that get extracted via this phishing attack get sent to the attackers through Telegram, once again.
To remain secure, Microsoft 365 users are advised to be careful when reading and reacting to emails, especially those that carry a sense of urgency (pending transaction, returning parcel, salary inquiries, etc.), or attachments which could be malware.
