LogoKit: the Tool that Creates Phishing Attacks in Real Time

Phishing is one of the most common threats on the Internet. It is a method that hackers constantly use to steal passwords and access credentials. Over time they have perfected the techniques to achieve their goal. In this article we are going to talk about Phishing in real time , a new problem that generates changing pages so that users fall into the trap.

Phishing in real time, the last method to attack

It is a new tool from LogoKit . It is a Phishing attack kit that has already been detected hundreds of unique domains in recent weeks. It has been developed by a group of hackers and what it does is change the logos and the text of a Phishing page in real time to suit the victim.


As we have mentioned, these types of attacks have been perfected over time. They increasingly adapt to the victims to achieve their goal and to be able to bypass security measures. According to the information security company RiskIQ , which has been following its evolution, this kit is already being exploited continuously.

Specifically, this cybersecurity company has detected 300 unique sites in the last week and more than 700 in the last month. They indicate that LogoKit relies on sending users Phishing links containing their email addresses.

Tiempo de ataques Phishing

LogoKit adapts to each company

Once a victim navigates to the URL, LogoKit obtains the company logo from a third-party service, such as Clearbit or Google’s favicon database. If a victim enters their password, LogoKit makes a request and sends the victim’s email and password to an external source and subsequently redirects the user to the legitimate website.

To achieve this, according to security researchers, LogoKit uses a set of embeddable JavaScript functions , which can be added to any generic login form.

Note that this is different from standard Phishing Kits , most of which require pixel perfect templates that mimic a company’s authentication pages. The modularity of this novelty kit allows an attacker to target any company they want by simply customizing it and mounting it in no time. They can create hundreds of different attacks in a week.

From RiskIQ they indicate that they have seen how LogoKit has been used to imitate and create login pages in very diverse services, among which we can mention OneDrive and Office 365.

It should also be noted that this kit is very small, so it can be hosted on hacked sites and legitimate pages of companies of all kinds where you want to go. In addition, being a collection of JavaScript files, the resources can be hosted in trusted public services, such as GitHub and others like it.

Once again, we must be adequately protected against these types of threats on the network. We leave you a tutorial where we explain how Phishing works. There we give some important tips to avoid being victims of this problem.