Lockphish phishing attack: Capturing Android PINs & iPhone passcodes over https

Introduction to Lockphish

Phishing attacks are a common tactic for gaining initial access to a system. If an attacker can convince their target to hand over their login credentials or install and execute malware on their machine, this provides an attacker with a foothold that can be used to expand their access and achieve their operational objectives.

The Lockphish toolkit is a bit different from many phishing toolkits because it specifically targets Android PINs and iPhone passcodes. If the attacker can convince the target to visit a malicious webpage, they’ll be presented with a screen that looks like their device’s lock screen. Entering a PIN or passcode into this screen will send the login information to the attacker.

In this article, we’ll walk through the process of compromising a user’s mobile device credentials using Lockphish. This includes everything from initial installation through actually compromising credentials for a target device.

Installing Lockphish

The Lockphish toolkit is available for download from GitHub here. You can either visit the site and download it directly or pull a copy using Git with the following command:

  • git clone https://github.com/kali-linux-tutorial/lockphish.

Lockphish is written in PHP and requires it to be installed on the system to run. If you don’t already have PHP installed on your system, install it with apt-get install php. Lockphish also requires unzip to be installed (apt-get install unzip).

After the dependencies are installed, use cd to move to the directory where you have installed Lockphish. Inside this directory, set the Lockphish script to be runnable with the command sudo chmod +x lockphish.sh.

Generating a phishing page with Lockphish

After completing the installation of Lockphish, run it with ./lockphish. You should be greeted with the following screen.

For this walkthrough, we’ll use the default redirection URL of YouTube, but (Read more…)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/K5RqEQl64Zk/