Phishing Kit Hosted On Nigerian Government Site

BleepingComputer published a report regarding a phishing kit being hosted on an official Nigerian government website and other sites. Researchers identified a DHL phishing kit being hosted on the Nigerian National Assembly (NASS) website. It appears to be a landing page that users would be directed to via a phishing campaign.

While investigating the phishing kit, multiple websites hosting the same malicious page were identified. Some of these sites are legitimate sites that have been compromised to host the kit while others appear to have been registered specifically for the purpose of phishing users.

MalwareHunterTeam, while looking further into the NASS domain, found that the DHL phishing kit was just one of many malicious pages that have been hosted on the domain in the past. If a user falls victim to the phishing attempt, their credentials are sent to the attacker, and an error message claims that their credentials are incorrect. Attackers are likely selling the obtained credentials on underground forums to turn a profit.

Although the scammers did a poor job impersonating the original DHL website, plenty of victims are likely to fall for the trick.

Indicators of Compromise

Domains

  • onlinequranglobal.com
  • pioneer-sys.net
  • beesnaturals.com
  • davidveyossef.com
  • lafabricacasarural.com

Duncan Newell

Duncan is a technology professional with over 20 years' experience working in various IT roles. He has an interest in cyber security and a wide range of other skills in radio, electronics and telecommunications.
