Greatness Phishing Kit: The New Cyber Menace Targeting Microsoft 365

In the evolving landscape of cyber threats, a new danger has emerged, targeting Microsoft 365 users with alarming efficacy. Trustwave SpiderLabs has been closely monitoring an upsurge in the use of the “Greatness” phishing kit, a sophisticated phishing-as-a-service platform developed by a threat actor known as “fisherstell”. Since mid-2022, Greatness has offered a comprehensive toolkit for orchestrating phishing campaigns, now alarmingly accessible for $120 per month in Bitcoin.

This increase in Greatness’ usage, particularly from December 2023 to January 2024, has raised significant concerns. The exact number of victims remains unclear, but the kit’s widespread use and robust support system, including a dedicated Telegram community, underline its threat potential.

Greatness distinguishes itself with regular updates, enhancing its ability to bypass security measures. The latest update, released in early January 2024, was accompanied by detailed documentation on the Greatness Hub’s Telegram channel, outlining its new features, tips, and tricks.

Key features of Greatness include:

• Customizable email components for heightened engagement.
• Advanced anti-detection techniques to evade spam filters and detection systems.

A phishing variant using HTML attachment | Image: Trustwave SpiderLabs

Greatness operates on a subscription basis, available via Telegram. It caters to a range of users, including budding cybercriminals, lowering the entry barrier to cybercrime. Once subscribed, users can create and distribute phishing emails or attachments that mimic legitimate sources like Microsoft. These emails or attachments are designed to capture login credentials, often even bypassing Multi-Factor Authentication (MFA) by exploiting the additional security codes.

The phishing kit utilizes clever coding techniques in its HTML attachments to conceal phishing URLs, making it more challenging to detect. These attachments vary in form, including common file types and QR codes.

The effectiveness of the Greatness kit lies not just in its technical prowess but also in its exploitation of human psychology. The phishing emails generated create a false sense of urgency, using phrases that spur immediate action, such as “urgent invoice payments” or “urgent account verification required.” These emails often appear to come from trusted sources and use familiar file formats, thereby reducing the recipients’ suspicion.

Once the target opens the email, they are either directed to a fake website resembling a legitimate login page or unknowingly install malware, giving attackers access to their information.

This spike in Greatness phishing kit usage signifies a worrying trend in cybercrime. Its ease of use, combined with effective social engineering techniques, makes it a formidable tool in the arsenal of cybercriminals. The challenge for cybersecurity experts and users alike is to stay vigilant and informed, as the landscape of digital threats continues to evolve with increasing sophistication.