A naukri.com initiative
Infoblox
6d
342
Image Credit: Infoblox
A Phishing Tale of DoH and DNS MX Abuse
- Threat actors are utilizing DNS to enhance cyber campaigns, including employing DNS MX records for phishing activities, by Morphing Meerkat.
- Morphing Meerkat leverages DNS MX records to serve fake login pages, targeting over 100 brands, using open redirects and stolen credentials distribution.
- The phishing kits are part of a PhaaS platform exhibiting consistent tactics and features for personalized, multilingual phishing schemes.
- Morphing Meerkat evades traditional security by redirecting to compromised websites, bypassing email security, dynamically translating content, and cloaking phishing material.
- The platform tracks campaigns targeting email credentials with phishing templates evolving to over 114 brands, incorporating DNS MX record-based dynamic loading.
- Spam emails generated by Morphing Meerkat spoof sender details and use scare tactics to prompt victims to click on phishing links leading to fake login pages.
- Morphing Meerkat employs various techniques to evade detection, including using legitimate domains for URL redirection and implementing anti-analysis measures.
- The platform dynamically loads phishing pages based on victims' DNS MX records, sending stolen credentials through email or Telegram, while obfuscating code for security evasion.
- Morphing Meerkat's advanced phishing techniques highlight the importance of DNS security and monitoring for cybersecurity defense against evolving threats.
- Visibility and monitoring are vital in cybersecurity defense, with advanced phishing techniques like those used by Morphing Meerkat emphasizing the need for DNS security.
Read Full Article
20 Likes
For uninterrupted reading, download the app