Financial Spear Phishing Digest

Modern phishing kits: React SPA + EmailJS exfiltration (PaaS evolution)

Key Questions

What technologies power modern phishing kits like React SPA and EmailJS?

Modern kits use React Single Page Applications (SPAs) with EmailJS for invoice and OAuth exfiltration, hosted on PaaS like Railway, Bubble AI, and GitHub Pages. They leverage Shadow DOM, VENOM PhaaS QR codes, AiTM, and SharePoint lures. Serverless device code and MS Bookings bypasses enable sophisticated attacks.

What was the W3LL PhaaS operation and its impact?

W3LL was a phishing-as-a-service empire powering global BEC attacks, dismantled by FBI Atlanta and Indonesian authorities, preventing $20M in fraud. It targeted M365 with AiTM kits. The takedown highlights the evolution to serverless phishing.

What is an example of GitHub Pages abuse in phishing?

Domains like quiksmardex.pages.dev pose a high phishing risk by luring victims into entering wallet credentials for fake decentralized crypto scams. This abuses free GitHub hosting for malicious SPAs. InboxPrime AI emails and Evilginx3 phishlets amplify such threats.

React SPAs/EmailJS for invoice/OAuth; Railway/Bubble AI/Shadow DOM; VENOM PhaaS QR/AiTM/SharePoint C-Suite lures; InboxPrime AI emails; Evilginx3 phishlets; MS Bookings bypasses; GitHub Pages abuse (quiksmardex.pages.dev crypto); serverless device code; W3LL PhaaS AiTM M365 BEC takedown ($20M fraud).

Sources (2)
Updated Apr 13, 2026