Week in OSINT #2023-14

Phishing, sock puppets, virtualization and more on this Easter Monday episode of Week in OSINT!

I start off with something different for once, namely the way that malicious code, like phishing kits, is being offered online. An article by Kaspersky clearly shows what a big part Telegram plays in this trend. They have an extensive article on what they found when inspecting different kits and looking at the vendors. Telegram is, and will stay, an important platform that the security community is constantly monitoring!

  • Phishing Kits on Telegram
  • Screenshots in Maltego
  • Disinformation and Twitter
  • AI and Sock Puppets
  • UTM on MacOS

Article: Phishing Kits on Telegram

It seems that Telegram has become the de facto standard for the makers, or providers, of phishing kits to share their products. A recent article on Securelist, by Kaspersky, shows how the platform is used to share these frameworks and how one is able to create new kits with the click of a button. On the other hand, I can see how this can also make it a lot easier for SOCs, or antivirus makers, to create generic fingerprints and block these malicious sites, or add them to a public repo like the StalkPhish Yara rules, which can be found here!

Telegram bots offering phishing kits

Link: https://securelist.com/...

Tool: Screenshots in Maltego

Mario Rojas built a Maltego transform that enables a user to make screenshots of websites. The installation is rather straightforward. Just don't forget to install the Python requirements (like I did haha), and create an ApiFlash account. One word of warning: it doesn't work on CloudFlare protected pages, since the screenshot request is blocked by a CAPTCHA. But there might be a solution for that by using a CloudFlare worker. Nice job creating this transform Mario, and thanks for sharing it!

Capturing screenshots in Maltego

Link: https://github.com/TURROKS/Maltego_Web2Screenshot

Tip: Disinformation and Twitter

I was notified by Kevin Rothrock that Twitter is going to be an important platform to watch, and not only because of all the great people on there. According to an article in the Telegraph, Twitter seems to have lifted some of the restrictions that were imposed upon Russian state media accounts. This will open the door to more disinformation, which will obviously create more work for fact-checkers and journalists.

Twitter changing to a disinformation machine?

To illustrate how low the platform has sunk, one simply needs to read the last paragraph of the article. I'll highlight a short part of it here:

"The email address for the company’s press office responded with an automatic reply featuring a poo emoji..."

Link: https://www.telegraph.co.uk/technology/...

Article: AI and Sock Puppets

Rae Baker and Espen Ringstad wrote an article about how an AI chatbot can be used when creating a sock puppet. Even though 100% realistic looking images of people are still rather hard to produce, it doesn't take a lot to edit them in such a way that they look like an artwork avatar. But the background information, and even a real sounding name, can easily be crafted with the help of an AI. The only time this might become an issue is when the AI feeds such information back to the internet some day, maybe leaking information that could burn a well crafted account.

My own spin on crafting a sock puppet with ChatGPT 4

I ran a similar request, as shown above, and ChatGPT 4 gave me fictional contact information, a summary and a list of skills. But it also gave me a full history with jobs, crafting sentences such as: "Led projects from inception to delivery, ensuring on-time and on-budget delivery." Besides that, it came up with three hobbies, and ended with three alternative names that could be used, all of them sounding German, and generic enough that they would be more than usable for a real sock puppet.

Link: https://www.raebaker.net/blog/...

Tool: UTM on MacOS

Over on the Kase Discord (the former OSINT Curious Discord), Swagalicious mentioned that he has used UTM as virtualization software with success on his MacBook. UTM is built for the MacOS environment, and is able to either virtualize an OS using the native CPU, or emulate any other system. It's available for a small price in the App Store, or you can download it for free from their website. From the UTM website it is also possible to download pre-configured installations, but since I am not able to verify what is in them, or whether they are safe, I don't recommend doing that; download an original ISO file from the original vendor instead, and install from scratch.
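When installing from a vendor ISO, the one check worth doing before booting it in a VM is comparing the file's SHA-256 with the digest the vendor publishes on its download page. The script below is an added example (not from this newsletter, from UTM, or from any vendor); the file name and the digest in the usage comment are placeholders you replace with the real values.

```shell
#!/bin/sh
# Added example: verify a downloaded installer ISO against the vendor-published
# SHA-256 before installing it in a VM. File names and digests here are
# placeholders; take the real digest from the vendor's download page.

# Print the SHA-256 of a file, using whichever tool the host provides
# (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_iso FILE EXPECTED_SHA256
# Returns 0 if the digest matches, 1 otherwise. The comparison is
# case-insensitive because vendors publish digests in either case.
verify_iso() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published SHA-256"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage (placeholder values, substitute your own):
#   verify_iso ~/Downloads/vendor-installer.iso <digest-from-vendor-download-page>
```

A mismatch means the download is corrupt or not what the vendor published; either way, don't boot it, download it again from the vendor and re-check.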

So far installing Windows is indeed just as fast... Err, slow!

Link: https://mac.getutm.app/

Have a good week and have a good search!

