Yahoo has long been tagged as insecure after reports of massive data breach in the company. In the Philippines, a lot of Filipinos still use their email service. This is evident in the recent phishing campaign that targetted Yahoo Mail users wherein most of the compromised accounts belong to Filipinos.

It’s possible that the culprits behind this phishing attack are noob Filipino hackers. The technique used to phish Yahoo mail credentials is pretty easy to replicate. They even used the free web hosting platform 000webhost as a server for gathering the collected credentials. The account belongs to a certain “Admiral Ice”.

As of this writing, the hosted site remains accessible and anyone can easily sneak up to the list of compromised users. The file “PassFace.txt” contains all the credentials willingly entered by the victims. We have tried to verify some of the entries if the credentials are still valid and were able to gain access to some of the accounts.

In the course of our investigation, we have also found out that the culprits have sent several variants of Yahoo phishing mails. The other variants, which is also using the same phishing technique and is hosted on the same platform, were sent a month ago. Below is a copy of the other variant sent last month:

We have since submitted the associated file samples and URLs to some security vendors for detection. While this attempt will not totally stop the hackers from doing what they love to do, may this serve as an awareness that we are all potential victims and that we should always be on guard online.

Fjordan Allego
Follow me

Related Posts:

By Fjordan Allego

Fjordan Allego aka Fjordz is an IT security practitioner in the Philippines. He maintains a couple of blogs where he shares his views on various topics that he finds interesting. A self-confessed introvert who's mostly active in social media, Fjordz also loves to travel and explore the wonders of the world.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.