Researchers observed a phishing kit being hosted on a Coronavirus-themed website, attempting to lure victims there using the on-going pandemic. The domain, was registered relatively recently. The main phishing kit is a ZIP archive containing all the files needed for the attacker’s phishing operation. Several custom sets of files are contained to target specific credential sets, such as Office365 and AOL, along with more generic phishing pages in an attempt to gather whatever credentials the user is willing to provide.
Six key files inside the phishing kit were :