RiskIQ researchers said that the new LogoKit phishing kit was detected on more than 700 unique domains in the last month alone and on 300 in the last week.
Worse, this tool allows hackers to modify logos and text on phishing pages in real-time, tailoring sites for specific purposes.
LogoKit relies on sending users phishing links containing their email addresses. LogoKit pulls up the company logo from a third-party service, such as Clearbit or the Google favicon database when the victim goes to such a URL.
Analysts point out that modularity allows LogoKit operators to organize attacks on any company, spending a minimum of time and effort. For example, over the past month, LogoKit has created fake login pages that mimic various services, from regular login portals to fake SharePoint login pages, Adobe Document Cloud, OneDrive, Office 365, and several cryptocurrency exchanges.
Let me remind you that Cybercriminals started using Google services more often in phishing campaigns