Showing posts from October, 2020

Analysing a Phishing C&C server

I recently uncovered a phishing command and control (C&C) Simple Mail Transfer Protocol (SMTP) server hosted on the same page that the kit was deployed on. Surprise surprise, they were targeting PayPal.

The Leaf PHP Mailer: The phishing page has all the features you would largely expect to see in a phishing C&C. The main feature the attackers require is a way to send out hundreds, if not thousands, of fake emails masquerading as a service such as PayPal to a long list of target email addresses. Other features the Leaf PHP Mailer offers include adding HTML code to the phishing email.

Blacklist checker: The blacklist checker enables the phisher to check whether their host is blocked by spam lists and to maintain a record of how likely their phishing emails are to land in inboxes. Once an IP address appears on too many lists, the operator can transfer to a new host and start the process again.

The CAPTCHA: Nowadays, a large number of credential harvesting phishing pag