Yahoo has long been tagged as insecure after reports of massive data breaches at the company. In the Philippines, a lot of Filipinos still use its email service. This is evident in the recent phishing campaign that targeted Yahoo Mail users, in which most of the compromised accounts belong to Filipinos.
It’s possible that the culprits behind this phishing attack are noob Filipino hackers. The technique used to phish Yahoo Mail credentials is pretty easy to replicate. They even used the free web hosting platform 000webhost as a server for gathering the collected credentials. The account belongs to a certain “Admiral Ice”.
As of this writing, the hosted site remains accessible and anyone can easily access the list of compromised users. The file “PassFace.txt” contains all the credentials willingly entered by the victims. We tried to verify whether the credentials in some of the entries are still valid, and were able to gain access to some of the accounts.
In the course of our investigation, we also found that the culprits have sent several variants of Yahoo phishing mails. The other variants, which also use the same phishing technique and are hosted on the same platform, were sent a month ago. Below is a copy of the other variant sent last month:
We have since submitted the associated file samples and URLs to some security vendors for detection. While this will not totally stop the hackers from doing what they love to do, may it raise awareness that we are all potential victims and that we should always be on guard online.