The gang sold phishing kits designed to lower the barrier to entry for novice cybercriminals
Trend Micro, a global leader in cybersecurity solutions, helped Interpol dismantle a gang specializing in phishing scams. The 16shop website provided a Phishing as a Service (PaaS) platform with kits designed to lower barriers to entry for novice cybercriminals, allowing them to scale scams with ease.
“Trend Micro has collaborated with Interpol for many years, so when we received the request for help we didn’t think twice. This action proves once again that public-private partnerships, backed by powerful threat intelligence, can be a powerful force in international cybercrime investigations,” said Jon Clay, vice president of Threat Intelligence at Trend Micro.
Interpol first approached Trend Micro in 2020, asking the company to use its threat intelligence team to monitor the activity of the 16shop PaaS website. The researchers discovered and reported to Interpol that:
– Attacks supported by 16shop were prevalent in Japan, the United States and Germany;
– 16shop customers were able to create phishing pages to collect Amazon, American Express, PayPal, Apple and CashApp credentials, as well as US bank logins;
– The platform's phishing kits automatically localized the language of phishing sites, according to the location of the victims;
– The site offered features designed to thwart access restrictions, such as geolocation and anti-sandbox;
– The 16shop website was hosted on several legitimate cloud providers to avoid detection;
– 16shop had been active since 2018, and several imitation pages were probably active until at least 2021.
According to Interpol, Trend Micro's Threat Intelligence Report helped arrest the likely administrator of 16shop and two other suspects in Indonesia and Japan. In total, the 16shop platform is estimated to have been used to carry out phishing attacks against more than 70,000 victims in 43 countries.
Trend Micro's partnership with Interpol in this operation reaffirms previous commitments, such as the “African Cyber Surge” operation in 2022 and the dozens of training sessions that the company has provided to government agencies since 2014, including a five-day course recently held in Manila, Philippines.