This new phishing campaign can tailor its messages to target you with your favorite businesses

LovabledanielsMarch 28, 202562 Views

Morphing Meerkat phishing kit can spoof more than 100 different brands
It’s been used to send “thousands” of emails, experts warn
Defenses includes adding a strong layer of DNS security

Cybercriminals have created a new technique to serve phishing emails to business users which are almost indistinguishable from legitimate messages.

Cybersecurity researchers Infoblox spotted the Phishing-as-a-Service (PhaaS) kit, built by a threat actor dubbed Morphing Meerkat, which deploys DNS Mail exchange (MX) records, dynamically serving fake login pages.

The technique allows them to spoof more than 100 different brands, making it quite a potent offering for cybercriminals.

Open redirects

“Morphing Meerkat’s PhaaS platform and phishing kits are unique compared to others because they dynamically serve phishing login webpages based on the DNS MX record of each victim’s email domain,” the researchers explained, saying that it lets the attackers display web content “strongly related” to the victim’s email service provider.

“The overall phishing experience feels natural because the design of the landing page is consistent with the spam email’s message,” they added.

Morphing Meerkat hasn’t exactly drawn much attention to itself yet, which might sound rather surprising given the fact that it sent “thousands” of spam emails from servers mostly located in the UK and the United States.

However, the researchers said the operation is “difficult” to detect at scale, since the attackers know where security blind spots are, and have been exploiting them via open redirects on adtech, DoH communication, and popular file-sharing services.

To protect themselves, organizations should add a strong layer of DNS security to their systems, Infoblox concludes, which includes tightening DNS controls and not allowing users to communicate with DoH servers.

“If companies can reduce the number of unimportant services in their network, they can reduce their attack surface, giving few options to cybercriminals for threat delivery,” Infoblox concluded.

Weekly update

Drone shows destruction following huge Iran port explosion | Infrastructure

Kendrick Lamar Breaks Record On Grand National Tour Opening Night

Medical software company database may have exposed tens of thousands of health records and PII

Weekly Newsletter

This new phishing campaign can tailor its messages to target you with your favorite businesses

Leave a comment

Leave a Reply Cancel reply

Explore more

Kendrick Lamar Breaks Record On Grand National Tour Opening Night

Medical software company database may have exposed tens of thousands of health records and PII

New Meta XR glasses again tipped to land later this year – well ahead of Apple’s rumored AR glasses with Apple Intelligence

Kanye West Says Virgil Abloh Died After “Stealing” From Him

Perplexity will make AI images for you, but ChatGPT is the one doing the work

Could the ‘Angry Magpie’ save your business from insider threat and data-related attacks?

Smart surfaces could represent a powerless solution to multipath signal interference

Dual scalable annealing processors overcome capacity and precision limits

Get to Know Us

Let's keep in touch