Security researchers detail a new phishing-as-a-service (Phaas) platform in a recently released report. The platform is an example of how initial access brokers gain a foothold in organizations’ networks.
Robin Banks is the name of a new PhaaS platform which, as the name of the service suggests, offers ready-made phishing kits enabling access to financial details and personal information of individuals in the U.S., the U.K., Canada, and Australia.
The large-scale campaign and phishing platform was discovered by IronNet researchers. Dubbed Robin Banks, the service targets victims via SMS and email in an attempt to gain access to credentials pertaining to Citibank, Google and Microsoft accounts.
According to IronNet’s report, the primary motivation for scammers is financial. The Robin Banks kit, however, also tries to obtain credentials for Google and Microsoft accounts, indicating it could also be used by more advanced threat actors looking to gain initial access to corporate networks. Once such access is granted, cybercriminals can carry out ransomware attacks as well as other post-intrusion malicious activities.
What’s in a phishing-as-a-service (PhaaS) kit?
“Generally, these kits include sets of files that are pre-packaged to contain all the code, graphics, and configuration files necessary to create a phishing page. This can include features like curated databases of targets or branded email templates, and they’re often designed to be easily deployable and reusable,” the report explained.
Shortly said, PhaaS kits provide an efficient way for threat actors of all levels to gain access to specifically targeted accounts and networks.
What’s specific about the Robins Banks PhaaS platform?
The so-called Robin Banks threat actor seems to be specifically interested in targeting U.S.-based financial companies, as well as other organizations in the U.K., Canada, and Australia. The researchers have discovered that the threat actor has been using the IP 5.206.227[.]166 and has been active since at least August 2020. The threat actor’s latest platform has been operating since March or April 2022.
Scammers interested in the platform and service should create an account and pay via Bitcoin. “When entering the site, customers are faced with a well-organized dashboard, offering a sidebar with features to set up a new page, monitor current pages, add funds to the wallet, and more,” the report revealed.
Robin Banks Phishing-as-a-Service platform prices
Single pages including possible future updates and 24/7 support, are available for $50 per month. For full access including access to all pages plus updates and 24/7 support, the platform requires a monthly fee of $200.
As for average prices, a single kit deployed via a phishing-as-a-service provider can cost anywhere between $150-$300/month, the report shared. The price can be higher, depending on the provided services.
The Robin Banks phishing kit provides customization options thanks to which scammers can impersonate a number of brands. Scammers are also offered the option to opt into blocking users based on user agent strings or to use reCAPTCHA when bot activity is detected.
In conclusion, despite not being much different than the average PhaaS platform out there, Robin Banks’ dedication to 24/7, fixing bugs and pushing updates to its features makes it outstanding.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: