TZUTC: -0500   
   MSGID: 743.consprcy@1:2320/105 2c4d32b5   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   This new phishing campaign can tailor its messages to target you with your   
   favorite businesses   
      
   Date:   
   Fri, 28 Mar 2025 15:03:00 +0000   
      
   Description:   
   Security researchers from Infoblox found a new phishing kit called Morphing   
   Meerkat.   
      
   FULL STORY   
      
   Cybercriminals have created a new technique to serve phishing emails to   
   business users which are almost indistinguishable from legitimate messages.    
      
   Cybersecurity researchers Infoblox spotted the Phishing-as-a-Service (PhaaS)   
   kit, built by a threat actor dubbed Morphing Meerkat, which deploys DNS Mail   
   exchange (MX) records, dynamically serving fake login pages.    
      
   The technique allows them to spoof more than 100 different brands, making it   
   quite a potent offering for cybercriminals.    
      
   Morphing Meerkats PhaaS platform and phishing kits are unique compared to   
   others because they dynamically serve phishing login webpages based on the    
   DNS MX record of each victims email domain, the researchers explained, saying   
   that it lets the attackers display web content strongly related to the    
   victims email service provider.    
      
   The overall phishing experience feels natural because the design of the   
   landing page is consistent with the spam emails message, they added.    
      
   Morphing Meerkat hasnt exactly drawn much attention to itself yet, which    
   might sound rather surprising given the fact that it sent thousands of spam   
   emails from servers mostly located in the UK and the United States.    
      
   However, the researchers said the operation is difficult to detect at scale,   
   since the attackers know where security blind spots are, and have been   
   exploiting them via open redirects on adtech, DoH communication, and popular   
   file-sharing services.    
      
   To protect themselves, organizations should add a strong layer of DNS    
   security to their systems, Infoblox concludes, which includes tightening DNS   
   controls and not allowing users to communicate with DoH servers.    
      
   If companies can reduce the number of unimportant services in their network,   
   they can reduce their attack surface, giving few options to cybercriminals    
   for threat delivery, Infoblox concluded.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/this-new-phishing-campaign-can-tailor-i   
   ts-messages-to-target-you-with-your-favorite-businesses   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426