Anti-bot services on the dark web allow phishers to bypass Google’s Red Page warnings, evading detection and making phishing campaigns harder to stop. Tools like Otus Anti-Bot, Remove Red, and Limitless Anti-Bot are raising concerns among cybersecurity experts.
Cybercriminals are constantly innovating, and their latest weapon is a new breed of services called the anti-bot services, reveals the latest research from SlashNext. These services are advertised on the Dark Web to help phishers bypass Google’s “Red Page” warnings.
The Power of Google’s Red Page
Phishing attacks have become more sophisticated with the rise of PhaaS (phishing-as-a-service) platforms. These platforms make it easy for even inexperienced criminals to launch large-scale phishing campaigns. However, a major hurdle for phishers has been detection by security services like Google’s Safe Browsing.
Google Red Page is a feature of Google Safe Browsing that warns users of potential dangers, such as phishing attempts. The page, displayed in red, warns users that a site they are navigating may be deceptive and advises them to avoid it. This can significantly limit the success of phishing attacks, as these campaigns rely on high click-through rates, which are significantly lowered when Google’s detection flags a phishing page and adds it to a blocklist.
Anti-Bot Services: A New Challenge for Security Teams
New anti-bot services aim to circumvent Google’s Red Page warnings. These services, including Otus Anti-Bot, Remove Red, and Limitless Anti-Bot, help phishers evade detection. Here is how these work:
- Filtering Out Security Crawlers: Anti-bot services analyze user-agent strings and IP addresses to identify and block security bots that scan for malicious websites.
- Cloaking Techniques: Some anti-bot services use techniques like JavaScript obfuscation or context-switching to serve different content to humans and bots. Real users see the phishing page, while security bots might see harmless content.
- Geolocation-Based Targeting: These services can restrict access to specific regions, ensuring the phishing site remains hidden from international security entities.
- CAPTCHAs and Challenges: By introducing CAPTCHAs or challenge pages, anti-bot services block automated scanners that cannot solve them.
SlashNext researchers note that these services are effective against less sophisticated security bots. However, advanced security measures and manual analysis by security professionals can still detect these phishing sites.
“These services represent the latest evolution in the ongoing cat-and-mouse game between cybercriminals and security measures,” SlashNext researchers explained in the blog post.
Anti-bot services are constantly evolving to stay ahead of security measures. As new detection techniques emerge, these services will likely adapt to counter them. Cybersecurity teams must remain vigilant and adopt advanced threat detection methods to combat the growing sophistication of phishing attacks.