Phishing Frenzy: 140,000+ Websites Created with Sniper Dz in One Year

Workflow of hiding phishing content behind a public proxy server. | Image: Unit 42

Cybersecurity researchers at Palo Alto Networks have uncovered a widespread Phishing-as-a-Service (PhaaS) platform known as Sniper Dz, which has facilitated the creation of over 140,000 phishing websites in the past year alone. Targeting popular social media platforms and online services, this PhaaS platform enables phishers to quickly and easily launch phishing attacks, making it a significant threat to users worldwide.

Sniper Dz offers an online admin panel that allows prospective phishers to generate phishing pages tailored to well-known brands and services. The platform provides two options: phishers can either host these pages on Sniper Dz’s infrastructure or download templates to host on their own servers. Surprisingly, these services are offered free of charge, potentially luring more phishers to use the platform.

Unlike other PhaaS platforms that charge for these services, Sniper Dz collects stolen victim credentials from its users as compensation. By inserting backdoors in the phishing templates, this platform can exfiltrate stolen data to its own servers, further increasing its influence in the phishing ecosystem.

One of Sniper Dz’s unique tactics is its use of public proxy servers to hide the source of its phishing content. By routing traffic through proxies, the platform shields its phishing infrastructure from detection by security systems. This technique allows Sniper Dz to operate in the shadows while enabling phishers to launch live attacks without setting up their own infrastructure.

Sniper Dz phishing campaigns also abuse legitimate Software-as-a-Service (SaaS) platforms such as Blogspot. By using well-known, trusted domains to host phishing pages, attackers can evade detection and increase the likelihood of tricking victims. Sniper Dz even offers a built-in tool to convert phishing pages into the Blogger format, making it easier for phishers to deploy their attacks on these platforms.

With over 7,000 subscribers on its Telegram support channel and videos showing thousands of views, it’s clear that Sniper Dz has attracted a large number of cybercriminals. The platform’s ease of use, combined with its free services, has made it a go-to resource for those looking to carry out phishing attacks without much technical knowledge.

With advanced evasion techniques and the ability to harvest victim credentials on a massive scale, Sniper Dz is likely to continue fueling phishing attacks worldwide. Users and organizations must remain vigilant, employing strong security practices to protect themselves from these emerging threats.
