Summary: A new phishing-as-a-service (PhaaS) platform named Morphing Meerkat has been uncovered, exploiting DNS mail exchange records to create fake login pages for approximately 114 brands. The actor behind it is known for using compromised domains and adtech infrastructure, delivering targeted campaigns that dynamically translate content into various languages. This sophisticated technique enhances the phishing experience, making it appear genuine and increasing the likelihood of credential theft.
Affected: Various organizations and email service providers (e.g., Gmail, Microsoft Outlook, Yahoo!)
Keypoints :
- Phishing campaigns use compromised WordPress sites and ad tech vulnerabilities to deliver messages.
- The phishing toolkit translates messages into multiple languages for broader reach.
- It identifies the victim’s email service provider using DNS MX records to serve tailored fake login pages.
- The landing pages employ obfuscation and anti-analysis tactics to hinder detection.
Source: https://thehackernews.com/2025/03/new-morphing-meerkat-phishing-kit.html