The vulnerable kits also offer a point of entry to compromise legitimate website servers.
They say it’s a dog-eat-dog world out there, but in cybercrime terms, perhaps it should be called a “phish-eat-phish” situation. Researchers recently discovered that several widely used phishing kits harbor vulnerabilities that can be exploited by other criminals to hijack operations – and commandeer any freshly stolen data.
Worse, compromised kits can be used as a pivot point into the legitimate websites that were themselves breached to host the kits in the first place.
Researchers at Akamai have found holes in the installation stage of some phishing kits that would allow a second attacker to infiltrate and upload additional files, including any sort of executable code – as well as simply take over the operations of the kit.