
Privacy Ninja

Cash App Phishing Kit Deployed In The Wild, Courtesy Of 16Shop

The developer of the 16Shop phishing platform has added a new component that targets users of the popular Cash App mobile payment service.

Deployment of the new 16Shop product started as soon as it became available, luring potential victims into providing sensitive details that would give fraudsters access to the account and the associated payment information.

16Shop is a complex phishing kit from a developer known as DevilScream, who set up a protection mechanism against unlicensed use and research activity.

The kit is commercially available and localized in multiple languages. Until recently, it provided code and templates to steal login credentials and payment card details for PayPal, Amazon, Apple, and American Express.

Deployed immediately after release

Towards the end of February, though, a new option became available in the 16Shop store with a $70 tag that targets the Cash App accounts. The app is immensely popular, with more than 10 million installations on Android and over 1.6 million ratings giving it 4.7 out of 5 stars in the App Store.

Security researchers from cybersecurity company ZeroFOX obtained the new Cash App phishing kit on February 25, which was just a day after the final compile time.

It appears that fraudsters rushed to get it and to deploy it as researchers spotted multiple deployments within a day from 16Shop offering the Cash App phishing kit.

This is a strong indication that the fraud store has plenty of customers that trust 16Shop enough to jump at every opportunity it provides to steal sensitive information from widespread services.

Same recipe as before

ZeroFOX says that the kit has the same base code as the others, and the template mimics the legitimate Cash App site and login workflow as closely as possible.

Getting victims to the phishing page is done through emails and SMS messages that alert on a security issue that led to locking the Cash App account.

A click on the fraudulent link triggers a series of checks before loading the phishing page. The visitor’s IP address, their user agent, and ISP details are collected and processed to determine an association with an automated action (security checks, web crawlers) or a potential victim.

The defenses against bots and indexing activity are present in the Cash App phishing kit as in the other 16Shop kits. The image below shows how the PHP code calls the antibot service, which provides blocking controls for bots and web crawlers.

Identity confirmation pretext

If the victim takes the bait and provides their email address, they see a security notification about unusual activity that led to locking the account.

To regain access, the victim has to provide sensitive details “to confirm identity.” This includes the following:

  • Cash App PIN
  • email address
  • password
  • full name and address
  • Social Security Number
  • payment card details
  • an identification document (state ID, driver’s license)
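A defender-side triage check for the two behaviours described above, added here as an example and not taken from ZeroFOX or the original article: it compares what one URL served to a crawler-like client and to a browser-like client, and counts how many of the listed data categories the served form requests. The profile names, keyword hints, threshold, and sample HTML are all constructed assumptions.

```python
from html.parser import HTMLParser

# Keyword hints for each data category the article lists (hints are assumptions).
CATEGORIES = {
    "pin": ("pin",), "email": ("email",), "password": ("pass",),
    "name_address": ("name", "address"), "ssn": ("ssn", "social"),
    "card": ("card", "cvv"), "id_document": ("document", "license"),
}

class InputCollector(HTMLParser):
    """Collects the descriptive attributes of every <input> element."""
    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            a = dict(attrs)
            keys = ("name", "id", "placeholder", "type")
            self.fields.append(" ".join((a.get(k) or "").lower() for k in keys))

def requested_categories(html):
    """Return the set of sensitive data categories a page's inputs ask for."""
    parser = InputCollector()
    parser.feed(html)
    return {cat for cat, hints in CATEGORIES.items()
            for field in parser.fields if any(h in field for h in hints)}

def assess(responses, crawler_profile="crawler", threshold=4):
    """responses maps a client profile name to the HTML that profile received."""
    cats = {p: requested_categories(body) for p, body in responses.items()}
    crawler = cats.get(crawler_profile, set())
    browser = set().union(*(c for p, c in cats.items() if p != crawler_profile))
    return {
        "cloaked": bool(browser - crawler) and not crawler,
        "over_collection": len(browser) >= threshold,
        "categories": sorted(browser),
    }

# Constructed sample: what one URL returned to two client profiles.
SAMPLE = {
    "crawler": "<html><body><h1>Coming soon</h1></body></html>",
    "mobile": """<form method="post">
      <input type="email" name="email"><input type="password" name="password">
      <input type="password" name="cashpin"><input type="text" name="full_name">
      <input type="text" name="ssn" placeholder="Social Security Number">
      <input type="text" name="cardnumber"><input type="file" name="id_document">
    </form>""",
}
print(assess(SAMPLE))
```

Substring hints produce false positives on real pages (for example "pin" inside unrelated field names), so treat a hit as a reason to escalate the URL for review rather than as a verdict.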

The 16Shop phishing platform appeals to low-skilled cybercriminals looking for an easy and quick way to collect sensitive accounts, which they can sell on underground forums. They get to configure the kit straight from the store with parameters for the phishing URL, defenses against security scans, and where to receive the collected data.

Opsec fails

Details about the identity of its developer have been published in the past, based on his online trails. They all point to an Indonesian named Riswanda Noor Saputra, who has a history in defacing websites, developing other phishing kits, and releasing hacking tools.

An error from the author of the Cash App phishing kit seems to confirm the same name, ZeroFOX researchers discovered. After studying the code, they found that when the alert about unusual account activity pops up, the email address of the developer is present, hidden behind the dialog.

Researchers at Lookout followed the trail of opsec mistakes the 16Shop developer made and discovered that he won a website design competition in 2017. They concluded that Riswanda is either very good at inventing and maintaining a fake identity or he does a bad job protecting his real one.

A look at Riswanda’s social media activity reveals that he likes to display his wealth to the world and also posts details about upcoming updates and new kits. In the image below, he shows the development of the 16 Shop American Express kit.
