RiskIQ researchers said that the new LogoKit phishing kit was detected on more than 700 unique domains in the last month alone and on 300 in the last week.
Worse, this tool allows hackers to modify logos and text on phishing pages in real time, tailoring sites for specific purposes.
LogoKit relies on sending to users phishing links containing their email addresses. As soon as the victim goes to such a URL, LogoKit pulls up the company logo from a third-party service, for example, Clearbit or from the Google favicon database.
Analysts point out that modularity allows LogoKit operators to organize attacks on any company, spending a minimum of time and effort. For example, over the past month, LogoKit has been used to create fake login pages that mimic a wide variety of services, from regular login portals to fake SharePoint login pages, Adobe Document Cloud, OneDrive, Office 365, and several cryptocurrency exchanges.
Let me remind you that Cybercriminals started using Google services more often in phishing campaigns.