16Shop, currently tracked by the ZeroFOX Alpha Team, is a prolific phishing kit distribution network. Phishing kits are tools created and sold by cybercriminals that imitate the login pages of popular services, such as Amazon. When a victim navigates to one of these pages and types in their credentials, the credentials are stored, typically in either a text file or an email that only the cybercriminal running the scam has access to. Using 16Shop, cybercriminals can purchase phishing kits and are given a license to distribute them for a price. The shop offered Apple kits and Amazon kits, and has recently begun offering PayPal and American Express kits. These kits can be used to phish unsuspecting victims for their personal information, such as credit card numbers.
What makes the 16Shop kits stand out from typical phishing kits sold on marketplaces is their use of defense and scanner evasion. By implementing a blacklist, using free tools such as the anti-crawling library CrawlerDetect, and using antibot.pw (a bot detection service), 16Shop’s kits can avoid detection by site crawlers and other automated defense mechanisms.