Threat Management, Vulnerability Management, Email security

Robin Banks PhaaS reemerges with improvements

BleepingComputer reports that the Robin Banks phishing-as-a-service platform has returned after being disrupted in July, following a report by IronNet that detailed the platform's use in targeting various financial institutions, including Bank of America, Citibank, Wells Fargo, and Capital One. Ongoing phishing campaigns using Robin Banks were then thwarted by Cloudflare, but the PhaaS platform has reemerged with multi-factor authentication and a redirector meant to better evade detection, a new report from IronNet showed. Robin Banks operators have turned to Russian internet services provider DDoS-Guard to resume their service, and have added two-factor authentication for customer accounts in an effort to prevent outsiders from using the PhaaS platform's phishing panel. In addition to using a private Telegram channel for communications between core administrators, Robin Banks has begun leveraging the Adspect bot filter, ad tracker, and cloaker, as well as the Evilginx2 reverse proxy for conducting adversary-in-the-middle attacks.
