Morphing Meerkat Unmasked: The Comically Cunning Phishing Operation You Never Saw Coming
Morphing Meerkat has been using DNS over HTTPS to launch phishing scams against over 114 brands. This PhaaS operation cleverly impersonates major email providers and even sends out spam in multiple languages. It’s like a masterclass in deception, except the only certification you get is a stolen identity!

Hot Take:
In a world where cybercriminals have become more creative than your average artist at a paint-and-sip night, Morphing Meerkat stands out as the Picasso of phishing. They’re using DNS over HTTPS like it’s a secret handshake at an underground club, all while spoofing over 114 brands. One might say they’re ‘phishing’ for compliments on their craft, but let’s not hand out awards just yet.
Key Points:
- Morphing Meerkat is a Phishing-as-a-Service (PhaaS) operation using DNS over HTTPS to evade detection.
- The operation dynamically serves spoofed login pages for over 114 brands using DNS mail exchange (MX) records.
- It has a centralized SMTP infrastructure with a large portion of spam emails traced back to iomart (UK) and HostPapa (US).
- The platform has been active since at least 2020, flying under the radar until recently discovered by Infoblox researchers.
- Recommended defenses include tighter DNS control and blocking access to non-essential adtech and file sharing infrastructure.
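
As an added example (not from the Infoblox research or the original page), one way to act on the DNS-control recommendation is to flag DNS-over-HTTPS MX lookups in web proxy logs, covering both the JSON query form and the RFC 8484 wire-format `?dns=` form. The log layout, the resolver host list and the sample lines are assumptions constructed for illustration.

```python
import base64, struct
from urllib.parse import urlsplit, parse_qs

# Assumption: public DoH resolver hosts to watch; adjust to your environment.
DOH_HOSTS = {"dns.google", "cloudflare-dns.com"}
MX = 15  # DNS record type number for MX

def question_from_wire(b64url):
    """Decode an RFC 8484 ?dns= value; return (qname, qtype) of its question."""
    raw = base64.urlsafe_b64decode(b64url + "=" * (-len(b64url) % 4))
    pos, labels = 12, []  # the question follows the 12-byte DNS header
    while raw[pos]:       # length-prefixed labels, ended by a zero byte
        labels.append(raw[pos + 1:pos + 1 + raw[pos]].decode("ascii", "replace"))
        pos += 1 + raw[pos]
    (qtype,) = struct.unpack_from("!H", raw, pos + 1)
    return ".".join(labels), qtype

def mx_lookup_in_url(url):
    """Return the queried domain if url is a DoH MX lookup, else None."""
    u = urlsplit(url)
    if u.hostname not in DOH_HOSTS:
        return None
    q = parse_qs(u.query)
    if "dns" in q:  # wire-format GET request
        try:
            name, qtype = question_from_wire(q["dns"][0])
        except (ValueError, IndexError, struct.error):
            return None  # malformed or truncated message
        return name if qtype == MX else None
    if q.get("type", [""])[0].upper() in ("MX", "15"):  # JSON API form
        return q.get("name", [None])[0]
    return None

def flag_doh_mx(log_lines):  # -> [(client_ip, domain)] per DoH MX lookup seen
    rows = (line.split() for line in log_lines)
    return [(p[1], d) for p in rows if len(p) >= 4 and (d := mx_lookup_in_url(p[3]))]

def _wire(name, qtype):  # builds constructed sample input only
    qn = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    q = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0) + qn + struct.pack("!2H", qtype, 1)
    return base64.urlsafe_b64encode(q).rstrip(b"=").decode()

SAMPLE = [  # constructed lines: timestamp, client IP, method, URL
    "2025-01-01T10:00:01Z 10.0.0.5 GET https://dns.google/resolve?name=example.com&type=MX",
    "2025-01-01T10:00:02Z 10.0.0.6 GET https://cloudflare-dns.com/dns-query?name=example.org&type=A",
    "2025-01-01T10:00:03Z 10.0.0.7 GET https://cloudflare-dns.com/dns-query?dns=" + _wire("example.net", MX),
    "2025-01-01T10:00:04Z 10.0.0.8 GET https://www.example.com/index.html?type=MX"]
```

Hits from ordinary workstations browsing the web are worth triaging, since MX lookups normally come from mail servers rather than from pages loaded in a browser.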
