New ‘Heatstroke’ phishing campaign steals PayPal credentials and credit card information

A sophisticated multistage phishing campaign dubbed ‘Heatstroke’ has been identified by security researchers; the scammers behind it apparently steal PayPal and credit card information. It was named Heatstroke after a variable found inside the phishing kit’s malicious code.

Security researchers from Trend Micro discovered this sophisticated phishing campaign and made it public in a report that also includes a description of the different methods used by the malicious payload that steals information from victims.

Attackers behind the campaign are said to carry out a considerable amount of research on potential victims before selecting them as targets for the phishing attack. Researchers said the attackers draw targets from a victim’s private address list, which also includes managers and employees in the technology industry. The threat actors were also found to focus on Gmail addresses, since those give access to the victim’s Google Drive and, from there, a path to the Android phone linked to the email account. The stolen credentials are transferred to an email address using steganography, a well-known method of hiding or embedding data inside an image.

Heatstroke is a clear example of the fact that phishing attacks no longer stick to classic techniques. The multistage design, the ability to hide its trail, and the other sophisticated techniques involved suggest that users will have to be far more careful when encountering phishing emails.