A phishing-as-a-service (PhaaS) platform named Sniper Dz has been linked to more than 140,000 phishing websites over the past year, demonstrating its widespread use by cybercriminals to steal credentials.
Free Phishing Kits with Double Theft Capabilities
Researchers from Palo Alto Networks Unit 42 have reported that Sniper Dz provides an online admin panel featuring phishing templates for a variety of websites, such as X (Twitter), Facebook, Instagram, Netflix, PayPal, and many more. While these phishing kits are available for free, the credentials harvested by cybercriminals are also exfiltrated to the Sniper Dz operators—a tactic known as double theft.
Workflow of hiding phishing content behind a public proxy server.
Telegram Channel with Over 7,000 Subscribers
Sniper Dz maintains an active presence on Telegram, with a channel boasting over 7,170 subscribers as of October 1, 2024. Interestingly, a day after the release of Unit 42’s report, the platform’s operators activated auto-delete for posts after one month, possibly as an attempt to cover their tracks.