Over the past year, over 140,000 phishing websites have been linked to the Sniper Dz phishing-as-a-service (PhaaS) platform, demonstrating its widespread use by cybercriminals. The platform offers a user-friendly admin panel that provides phishers with a catalog of phishing page templates. Users can either host these templates on Sniper Dz’s own infrastructure or download them to host on their own servers. Notably, Sniper Dz provides these services for free, which has contributed to its rapid adoption by threat actors looking to conduct credential theft campaigns.
One of the platform’s key features is its ability to exfiltrate stolen credentials back to the operators, a technique known as “double theft.” Phishers using Sniper Dz benefit from this setup, as the platform collects the credentials they steal, increasing the value of the service. The platform also operates a Telegram channel with more than 7,000 subscribers, where users share information and tools related to phishing attacks. This enables aspiring cybercriminals with limited technical skills to easily enter the world of phishing, furthering the reach of these cyber threats.
Sniper Dz also employs several evasion techniques to avoid detection by security systems. Phishing pages hosted on Sniper Dz’s infrastructure are hidden behind legitimate proxy servers, making it harder for security tools to trace the attack back to its origin. Additionally, the platform allows users to convert phishing templates to Blogger formats, which can then be hosted on Blogspot domains, further expanding the attack surface. These techniques make it increasingly difficult for defenders to combat phishing campaigns launched through Sniper Dz.
The impact of Sniper Dz is compounded by other phishing tactics, such as those revealed by Cisco Talos, which highlight the exploitation of poorly validated web forms for phishing attacks. Attackers abuse backend email systems to distribute malicious links and carry out phishing campaigns that bypass spam filters. This growing trend of phishing-as-a-service platforms and email-based attacks underscores the increasing sophistication and scale of cybercrime operations targeting unsuspecting internet users.
Reference:
