CyberSecurity news
Fogerlog@Phishing Tackle
//
A sophisticated phishing-as-a-service (PhaaS) platform known as Morphing Meerkat is actively exploiting DNS vulnerabilities. According to a recent analysis, this operation leverages DNS mail exchange (MX) records to dynamically generate and serve fake login pages tailored to victims' email providers, impersonating over 100 brands. This technique creates highly convincing impersonations, making it increasingly difficult for users to distinguish between legitimate and malicious login pages.
Researchers have discovered that Morphing Meerkat utilizes DNS over HTTPS (DoH) to evade detection, acting as a secret tunnel by encrypting DNS queries. The platform queries DNS MX records to identify the specific email service used by the target and generate spoofed login pages that closely mimic the genuine ones, increasing the likelihood of successful credential theft. This PhaaS platform has been active since at least 2020 and has evolved significantly, including dynamic translation into over a dozen languages.
ImgSrc: phishingtackle.
References :
- hackread.com: A recent analysis published by Infoblox reveals a sophisticated phishing operation, dubbed Morphing Meerkat, actively exploiting DNS vulnerabilities…
- The DefendOps Diaries: Explore Morphing Meerkat, a sophisticated Phishing-as-a-Service threat using advanced evasion techniques to bypass cybersecurity defenses.
- www.bleepingcomputer.com: A new phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat, has been using the DNS over HTTPS (DoH) protocol to evade detection. [...]
Classification:
- HashTags: #Phishing #MorphingMeerkat #DNS
- Target: 100+ Brands
- Attacker: Morphing Meerkat
- Feature: Phishing
- Type: Hack
- Severity: Major