A new report from Trustwave's SpiderLabs cybersecurity researchers claims that hackers are increasingly turning to the Greatness phishing kit due to its advanced features, simplicity of use, and relatively low cost.
Greatness was developed by a threat actor under the alias “fisherstell” and has been available since mid-2022, primarily targeting users of Microsoft 365 office software.
Other hackers can rent the tool to get everything they need to launch a successful phishing campaign: from email generation to anti-detection measures and an active community happy to help.
Without going through MFA
To purchase a license, hackers have to go to the tool's Telegram channel and pay $120 a month in Bitcoin. After that, they get customizable email elements where they can modify sender names, email addresses, subjects, messages, attachments, and QR codes. They may also use features such as header randomization, encryption, and other obfuscation techniques aimed at bypassing email security filters and reaching victims' inboxes.
While all the features probably seem attractive, it's the price that makes the difference, suggests Trustwave. “This means the increasing availability for anyone to launch phishing campaigns with a minimum charge of $120 per month in Bitcoin, lowering the barrier to entry for cybercrime,” the company said.
The kit is designed to target Microsoft 365 account credentials. It can even bypass multi-factor authentication (MFA) solutions by asking victims for the codes sent to their phones and email addresses. Finally, the usernames and passwords extracted through this phishing attack are sent to the attackers via Telegram.
To remain safe, Microsoft 365 users are advised to use caution when reading and reacting to emails, especially those that carry a sense of urgency (pending transaction, package returns, salary inquiries, etc.) or attachments, which could be malware.