Microsoft 365 users need to be on their guard — new phishing campaign could cause some serious damage, and it's being offered for sale for barely nothing to lure new criminals in

A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
(Image credit: weerapatkiatdumrong / Getty Images)

A new report from Trustwave cybersecurity researchers SpiderLabs has claimed hackers are increasingly turning to the Greatness phishing kit due to its advanced features, simplicity in use, and relatively low cost.

Greatness was developed by a threat actor going by the alias “fisherstell” and has been available since mid-2022, primarily targeting Microsoft 365 office software users.

Other hackers can rent the tool to get everything they need to launch a successful phishing campaign - from email generation, to anti-detection measures, to an active community happy to help.

Bypassing MFA

To purchase a license, hackers would need to go to the tool’s Telegram channel and pay $120 a month, in Bitcoin. After that, they get customizable email elements where they can tweak sender names, email addresses, subjects, messages, attachments, and QR codes. They can also use features such as randomizing headers, encoding, and other obfuscation techniques aimed at bypassing email security filters and making it into the victims’ inboxes.

While all of the features probably sound enticing, it’s the price that makes all the difference, Trustwave hints. “This signifies the widening availability for anyone to launch phishing campaigns with a minimal charge of $120 per month in Bitcoin, lowering the barrier of entry for cybercrime,” the company said.

The kit is designed to target Microsoft 365 accounts credentials. It can even bypass multi-factor authentication (MFA) solutions, by asking victims for the codes sent to their phones and email addresses. Finally, the usernames and passwords that get extracted via this phishing attack get sent to the attackers through Telegram, once again. 

To remain secure, Microsoft 365 users are advised to be careful when reading and reacting to emails, especially those that carry a sense of urgency (pending transaction, returning parcel, salary inquiries, etc.), or attachments which could be malware

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

TOPICS