With the craze for turning everything we can think of into a service, one has arrived that those who want to steal passwords left and right will love: give a warm welcome to Phishing as a Service.
It sounds like a joke better suited to April Fools' Day, but unfortunately it is very real. We already showed you ransomware that can be customized through a web page to behave as we like, where the only thing left to do was find a way to sneak it onto the victim's computer, and today we bring you another unfortunate example of this with phishing.
How the Phishing service works to steal passwords
What you have above is the control page of a website called fake-game that is sold as Phishing as a Service: it gives us everything we need to steal passwords from unsuspecting users, just like that. On its own, it is capable of generating links that imitate the login pages of known services such as Google, Facebook or Instagram, and it even verifies that the data provided is correct when the victim sends it.
Once it has received the credentials, the page automatically redirects to the real Google authentication page to avoid suspicion, although the victim will have to enter them again (this time on the real one). Meanwhile, the fake page has kept all the submitted information in plain text for us.
The only thing we have to do is generate the link with the conditions we want and find a way to sneak it to the user whose account we want to steal. It can be through an email, through SMS messages or even with a QR code or NFC. When the user bites, we will receive the data in our control panel, and it will also go into the service's database for VIP users.
Yes, you read that correctly: this kind of service also has a VIP subscription that allows us, in addition to keeping our stolen accounts secret, to see the usernames and passwords that other users without a subscription have obtained.
The scam is so well set up that the control page even has things more typical of a legitimate sales page, such as an online help chat, a referral system, discount coupons or the possibility of reselling VIP service accounts. They have even added a message announcing that they know Google's filters have detected their fake pages, and that they plan to change their links to avoid it.
Money is no longer made only by carrying out attacks ourselves and selling the database; now it can also be made by providing the tools to do so, while keeping the data that these users manage to extract. All you need to do is set up the service: your users will do all the dirty work of attacking the victim, and if they also pay you for privileges in the service, so much the better.
In any case, this scam attempt is easy to avoid as long as it doesn't catch us off guard: distrust any strange link that you receive by any means, make sure you have an HTTPS connection (the green padlock in the address bar) on sites like Google or Facebook when you connect to them, and use strong passwords that are different for each service.
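One way to automate the advice above, added here as an illustration (it is not code from the original article): the function checks that a received link uses HTTPS and that its hostname really belongs to the service it imitates, since the padlock alone does not prove a site is genuine. The trusted-domain list, the function name and the sample links are assumptions constructed for this example.

```python
from urllib.parse import urlsplit

# Assumption: illustrative allowlist of the services named in the article.
TRUSTED = {"google": "google.com", "facebook": "facebook.com", "instagram": "instagram.com"}

# Constructed sample links (the .example hosts are placeholders, not real sites).
SAMPLES = [
    "https://accounts.google.com/signin",
    "http://www.facebook.com/login",
    "https://google.com.account-verify.example/signin",
    "https://www.instagram.com@login.example/",
    "https://totally-unrelated.example/",
]


def check_login_link(url):
    """Return a list of warnings for a received link; an empty list means none."""
    warnings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()

    if parts.scheme != "https":
        warnings.append("not an HTTPS link")
    if parts.username is not None:
        # Text before '@' is not the destination; the host after it is.
        warnings.append("URL contains a user@host part")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("hostname uses punycode (possible look-alike characters)")

    # Trusted means the domain itself or one of its subdomains, nothing else.
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED.values())
    if not trusted:
        brands = [b for b in TRUSTED if b in host]
        if brands:
            warnings.append("mentions %s but is hosted on %s" % (", ".join(brands), host))
        else:
            warnings.append("hostname %s is not on the trusted list" % host)
    return warnings


if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_login_link(link) or "no warnings")
```

The brand-name match is a heuristic: it only highlights hosts that borrow a known name, while any host outside the allowlist is reported either way.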