Original link: https://www.wpdaxue.com/newsletter/130108.html
A newly discovered phishing kit targeting PayPal users is trying to steal a trove of personal information from victims, including government identification documents and photos. The toolkit is hosted on a legitimate WordPress site that has been hacked, which allows it to evade detection to a certain extent. The phishing kit was discovered after attackers planted it in their WordPress honeypot. Threat actors target poorly secured websites and brute force logins using a list of common credential pairs found online. They use this access to install a file management plugin that allows phishing kits to be uploaded to the compromised site. Akama
This article is reprinted from: https://www.wpdaxue.com/newsletter/130108.html
This site is for inclusion only, and the copyright belongs to the original author.