"DEV-1101 Updates Open Source Phishing Kit"

The threat actor known as DEV-1101 has been spotted by security researchers at Microsoft, developing and advertising a new adversary-in-the-middle (AiTM) open source phishing kit.  The researchers noted that the threat actor group began offering their AiTM phishing kit in 2022 and, since then, has made several enhancements to their kit.  These include the capability to manage campaigns from mobile devices and evasion features like the bypass of CAPTCHA pages.  The researchers noted that the DEV-1101 kit is written in NodeJS with PHP reverse-proxy capabilities, automated setup, and detection evasion through an antibot database.  It also features phishing management activity via Telegram bots, as well as several ready-made phishing pages impersonating services like Microsoft.  On June 12, 2022, DEV-1101 announced that the kit would be open source with a $100 monthly licensing fee.  The actor also provided links to additional Telegram channels and a now-defunct GitHub page.  The researchers noted that months later, DEV-1101 then upgraded the kit again to include the ability to manage servers through a Telegram bot instead of cPanel.  DEV-1101 increased its tool's price multiple times due to the rapid growth of its user base from July through December 2022.  The researchers noted that as of right now, DEV-1101 offers their tool for $300, with VIP licenses at $1,000.  Legacy users were permitted to continue purchasing licenses at $200 before January 1, 2023.  The researchers stated that they observed several threat actors conducting large-scale phishing campaigns (millions of phishing emails per day) using the tool offered by DEV-1101.

Infosecurity reports: "DEV-1101 Updates Open Source Phishing Kit"