Researchers from Trustwave have reported on the steady increase in the PHAAS platform known as Greatness, which aims to gather training data from Microsoft 365 users.
Greatness is being sold to other cybercriminals as a ready-made phishing kit, complete with infrastructure support, for just $120 per month. This significantly lowers the entry barrier and enables even inexperienced hackers to carry out large-scale attacks.
The attack method involves sending phishing emails containing malicious HTML attachments. When these attachments are opened, recipients are redirected to fake login pages where their account credentials are intercepted.
To increase their chances of success, the emails impersonate trusted sources such as banks and employers, creating a false sense of urgency. These are standard tactics employed by attackers.
The number of victims targeted by this campaign is currently unknown, but Greatness is actively used and supported by a community in Telegram where members exchange tips and attack methods.
Additionally, phishing attacks have been observed against South Korean companies, using bait that imitates technology companies to distribute Venomrat (also known as Asyncrat) through malicious Windows (LNK) Yarlyki files.
The Ahnlab (ASEC) Analytical Security Center has issued a warning about continuously distributed fake files disguised as legitimate documents. Users may mistake the Yarlyki file for a regular document, as the “.LNK” extension is commonly associated with Windows shortcuts.