A Phishing as a Service (PhaaS) platfom which sold phishing templates to other cyber criminals has been closed down by the Royal Malaysian Police
BulletProftLink was a service which had been in operation since 2015 and had thoousands of subscribers all over the world. The site primarily offered templates of cloned login pages for popular websites and apps, but also offered collections of stolen credential logs as well as hosting service for fake websites.
The site and its operators had been the subject of security researchers and law enforcement for a few years – In 2020, cybersecurity researcher Gabor Szathmari linked the operator of the service to a Malaysian national living a life of luxury.
In 202, a Microsoft report warned about the high volume of phishing attacks the site could facilitate and the large number of templates available to buyers for sums of up to $2,000/mth.
Whilst the site offered hosting services for criminals, many templates were hosted via other cloud provider platforms such as Google Cloud and Microsoft Azure to evade email security tools.
Takedown
The Royal Malaysian Police was aided in their operation by the Australian Federal Police and the FBI in order to dismantle the operation and take down multiple domains used by the illegal site.
The Nov 6 raid on the criminal site saw the arrest of eight people – one of them the man believed to be the leader of the operation. Law enforcement operatives also seized cryptocurrency wallets holding approx. $213,000, servers, computers, jewelry, vehicles, and payment cards.
Data recovered from the confiscated servers will allow law enforcement to identify users of the platform to potentially enable further sutdowns and arrests. As of April 2023, BulletProftLink had over 8,000 active subscriptions.
