Security firm Imperva has uncovered a new, automated, cloud-based phishing kit.
Unlike traditional phishing kits, which have been available for years, this new approach lives in the cloud and relies on hackers exploiting other hackers.
Two master hackers wrote and then posted a phishing kit into hacker forums, but any hacker using this kit becomes an unknowing member of the master hacker's army.
When hackers use this kit and deploy a successful phishing campaign, all the stolen credentials and information goes straight back to the master hacker without the proxy hacker's knowledge.
"It's very clever. The master hacker never needs to conduct a campaign to see financial gain," said Amichai Shulman, chief technology officer at Imperva, who uncovered the cloud-based phishing kit.
Because the phishing kit is cloud-based, the infrastructure for this phishing kit never goes away, said Shulman.
In traditional schemes, when a server is taken down the web page and all the back-end data collection capability comes offline, but in a cloud-based approach data is hosted separately.
Taking down the "front-end" server does not impair the campaign because the command and control centre is unaffected, said Shulman.
This means hackers only need to repost the web front-end in a new location to be back in business, he said.