Since early November 2018 McAfee Labs have observed a phishing kit, dubbed 16Shop, being used by malicious actors to target Apple account holders in the United States and Japan. Typically, the victims receive an email with a pdf file attached.
An example of the message within the email is shown below, with an accompanying translation:
When the victims click on the link in the attached pdf file, they are redirected to a phishing site where they will then be tricked in to updating their account information, which often includes credit card details.
The following is one of the many pdf files that we have seen attached to the phishing emails:
The phishing page is shown below:
The following image shows the information that is being phished:
The following map shows the locations where we have observed this phishing campaign:
The author of this phishing campaign used the conversion site Pdfcrowd.com to create the malicious pdf file, which was attached in the phishing emails. (The pdf tag can be seen below):
16Shop phishing kit
The phishing kit originates in Indonesia and the code handles multiple languages:
Most phishing kits will email the credit card and account details entered on the site directly to the malicious actor. The 16Shop kit does this, too, and also stores a local copy in other text files. This is a weakness in the kit because anyone visiting the site can download the clear-text files (if the attacker uses the default settings).
The kit includes a local blacklist, which blocks certain IP addresses from accessing the website. This ..
Support the originator by clicking the read the rest link below.
