- Cybercriminals spoofed Aruba using a stealthy, automated phishing framework with CAPTCHA and Telegram bots.
- Phishing pages imitate Aruba’s webmail portal, stealing credentials through fake service alerts.
- Aruba’s large user base has made it a high-value target for industrial-scale credential theft.
Security researchers at Group-IB have released details of a new scam targeting Aruba users that turned out to be part of a “sophisticated phishing framework.”
The team found that cybercriminals had created a “fully automated, multi-step platform” that offered both efficiency and stealth, using CAPTCHA filtering to evade security scans, pre-populating victims’ data to increase credibility, and using Telegram bots to exfiltrate stolen credentials and payment information.
The goal of the phishing kit is to achieve “industrial-scale credential theft,” Group-IB said, adding that it “significantly lowers” technical barriers to entry and allows less-skilled actors to launch compelling campaigns at scale, and virtually overnight.
Target Aruba
The modus operandi here is rather usual: the attack begins with a carefully crafted email, warning users of a service expiration or payment failure. These themes were chosen because Aruba itself often warns its customers about them, but without the sense of dramatic urgency that phishing emails bring.
The messages are accompanied by a link to “one of many” phishing pages that “meticulously imitate” the official webmail login portal Aruba.it, Group-IB added. Victims who don’t spot the ruse and try to log in end up passing their credentials to the attackers via Telegram, who can then use or sell them on the dark web.
Aruba was chosen because it is “deeply rooted in Italy’s digital infrastructure,” Group-IB highlighted, adding that it currently serves more than 5.4 million customers.
“Such a focus offers significant results: the compromise of a single account can expose critical business assets, from hosted websites to domain controls and email environments,” the researchers concluded.
Defending against phishing attacks is simple: think before you click, keep your software up to date, and run a solid endpoint protection solution.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
