The RSA Anti Fraud Command Center discovered the "plug-and-play" phishing kit in June following a forensic analysis of several attacks on a financial institution.
Traditional phishing sites usually include various files which must be installed on a compromised server where the attack is hosted. Typical files are PHP code files, HTML pages, images of the bank logo and cards, etc, the company said.
"The files must be installed one by one in the appropriate directories, on the server which is controlled by the phisher. The process is rather simple, and is not very time-consuming. However, it does mean that the phisher has to access the compromised server several times and install the files manually.
"The kit is a single PHP code file, which is run on the compromised server once, and automatically creates the relevant directories and installs all of the files associated with the specific phishing site.
"During testing of the kit in the RSA phishing lab, a phishing site was installed within approximately two seconds," RSA said.
Because phishers need access to the compromised server only once, the risk of being caught is much lower. This increases the chance of them hijacking sites.
RSA warned that a phisher could use other tools to search for vulnerable servers and upload files to them without actually hacking into the server. Combining this with plug-and-play phishing kits would significantly decrease the workload involved in creating and launching new attacks, it said.