Could you elaborate a bit? It’s hard to take such a claim seriously without any evidence presented.
Every single person who has bought the phishing kit claims the seller is a scammer. Krebs’s article is based entirely on the seller’s description of the (imaginary) product, rather than actual observation of the phishing kit in the wild.
See the exploit.in thread for example https://temp.sh/XOWUP/STARKILLER_V6.0.1___ULTIMATE_WEAPON__B...
Krebs has access to these forums, he could’ve checked this story out in less than 3 minutes but did not.
Even if Krebs wasn’t a subject matter expert, it’s still inexcusable that he didn’t do the most basic work here. You don’t need to frequent underground runet forums to know that a journalist should be able to verify the stories he puts out.
I think it’s also particularly telling that he didn’t bother to source reasonable quality screenshots for the story, which he would have been able to do had he ever witnessed this phishing kit working.
> See the exploit.in thread for example https://temp.sh/XOWUP/STARKILLER_V6.0.1___ULTIMATE_WEAPON__B...
"Maximum download limit reached" - it's gone. Also, not present in the archive.org :-(
> Krebs’s article is based entirely on the seller’s description of the (imaginary) product, rather than actual observation
I noticed. While researching I had a feeling of "is this just makeup on a pig?". Anyone can make pretty graphics or make claims. I tried reading a few selling points and I was weary.
One claimed to handle an MFA token handover and then somehow got access to the token and they could proxy it for you? The user types in the MFA token, they get the token. I can't figure out how they would bypass all browser protections to pass on the highly-secured token via a proxy. I've been online for 25 years, I understand on a deep level how the internet works and the web and what is happening in this situation, as I'm sure most here do.
Without a 0day, this just doesn't make sense. But this is pretty technical, and unless you hang out here then the above sounds perfectly reasonable but to us sounds like bullshit.
> he didn’t bother to source reasonable quality screenshots for the story
Also noted. Quickly found better quality versions myself with a quick search.
This is so odd. I tried to verify your claim and I give up. It might be but I really hate how information is becoming like this. There is other reporting out there on "Starkiller" (the phishing kit in Krebs's most recent post) and I can find other articles on it, but sources seem to be circular. The source mentions Jinkusu forums, which do seem to be real, but any links I find aren't loading for me and still no conclusive findings of Starkiller.
https://temp.sh/XOWUP/STARKILLER_V6.0.1___ULTIMATE_WEAPON__B...
These forums are mostly private, but Krebs certainly has access to them. There can really be no excuse for how he handled this.
There are multiple posts by people in different places claiming to have bought this phishing kit, and then being delivered totally non-functional vibecoded garbage. The vibecoded garbage is not the advertised product though, as the author never managed to get the AI to finish his project.
I figured the forums were real, just was blocked for some reason so thanks.
I do not doubt this story for a second. It's crazy Krebs is basically freely advertising this blackhat slop.
Krebs lacks any sort of real credibility. He's pushing out slop with a govern-mentalist propaganda. Tech journalists are the worst form to gather any actual information.
Krebs has some credibility in this space because he used to post well-informed takes on these topics, not stuff like this.
His record has never been flawless, but the guy actually put in the work to learn Russian to be able to read these forums. He just doesn’t anymore.