Nova Shop - Phishing Kit Author

#novashop #l33bo #phishingkitauthor #phishing #phishingkit

The Nova Shop phishing kit author targets Banks.  The kit looks basically identical to the ones authored by l33bo phishers ( https://phishingkittracker.blogspot.com/2019/05/l33bo-phishing-kit-author.html ) so either they are based off the same kit or related in some way.


May contain the text
created by novashop.bz





There will be possibly a "blocker.php" and "index.html" in the root and then a "banks" sub-folder






In the banks folder will be sub-folders for each bank targeted such as BMO, CIBC, Tangerine, RBC, etc.











In each bank folder is the actual phishing pages like. Each sub-folder has varying files perhaps some named "processing.php", "logging.php" , "blocker.php" .
Multiple files will contain the #threatactoremail such as "processing.php"




example 1
md5 c6d0dde75d1a62737e24ad7029ad1dca
https://www.virustotal.com/#/file/0e23e01a922bddb1a3c87f624c43951109c8e0b1be58e49e73f74a68085108ac/detection
http://access-securiser.net/incoming%20(1).zip
Reference
https://twitter.com/PhishingAi/status/1131933870025191424

Comments

Popular Posts