Previously seen in November of 2018 targeting Apple users, 16Shop is back again and this time Amazon users are the intended targets. Researchers discovered that Amazon users had been targeted since May of 2019. More than 200 million URL’s that were observed have been flagged as malicious, which means the kit is being used in the wild heavily. Users are receiving emails with attached PDF files that claim their account is being accessed by an unauthorized party and changes are being made. It then requests that the user follow the link in the email to review the changes. From there, the user is taken to a malicious site that requests login information. “The group responsible for 16shop kit continues to develop and evolve the kit to target a larger audience. To protect themselves, users need to be extremely vigilant when receiving unsolicited email and messages,” stated researchers. With today being Prime Day, there is likely to be an uptick in these phishing attempts.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased