Phishing-as-a-service, often known as PhaaS, is a black-market industry in which trained cybercriminals offer access to the tools and information necessary to carry out a phishing assault in a manner similar to that of a software-as-a-service model.
Vendors of phishing kits promote and sell them on dark web forums. Phishing kits are toolkits that comprise everything required to launch an email assault, including curated databases of targets and branded email templates.
The Resecurity Hunter team researchers discovered a new phishing as a Service toolkit, named Frappo, that is being aggressively disseminated on the dark web and via Telegram channels.
“Frappo” acts as a Phishing-as-a-Service – providing anonymous billing, technical support, updates, and the tracking of collected credentials via a dashboard. Initially, the service popped up in the Dark Web around 22ndMarch, 2021, and has been significantly upgraded since then.
Threat actors may use Frappo to undertake a broad spectrum of impersonation assaults, as Frappo enables fraudsters to host and develop high-quality phishing websites that impersonate major online banking, e-commerce, and retail services in order to steal personal information from their target customers.
The PhaaS provides a dashboard that keeps track of the credentials that have