SheByte, which officially branded its services on Telegram in May 2024 before fully launching in mid-June, has quickly carved out a significant portion of the Canadian phishing threat landscape by offering sophisticated phishing infrastructure targeting financial institutions. Fortra analysts identified a significant innovation in February 2025 when SheByte released its “v2” customizable Interac kit for their page builder tool, triggering a measurable surge in Canadian bank phishing activity. Fortra researchers noted that SheByte accounted for 8% of Interac-branded phishing attacks in May 2024, rising to 10% upon full platform release in June, demonstrating its growing influence in the criminal ecosystem. This subscription grants users unlimited access to static and customizable phishing kits targeting 17 Canadian banks, 4 US-based banks, email providers, telecom companies, and cryptocurrency services. The platform proudly advertises its LiveRAT dashboard, which enables threat actors to monitor phishing visits in real-time, intercept multi-factor authentication codes, and request additional information from victims. While the LabHost takedown initially reduced Interac-branded phishing attacks targeting Canadian banks by half, SheByte rapidly filled the void. The newer v2 kits employ a naming convention of eight randomized alphanumeric characters for PHP files, though this pattern remains consistent across campaigns rather than generating unique names per phishing instance. The LiveRAT capabilities are particularly concerning, as they enable real-time manipulation of the victim experience, allowing attackers to adapt their approach based on victim behavior and potentially circumvent standard security measures. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. These technical fingerprints allow security teams to detect SheByte campaigns, though the service continually evolves its tactics. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. For additional protection, the service offers multiple CAPTCHA implementation options to filter out security researchers and automated scanning tools. SheByte phishing kits can be identified through specific technical markers. File and directory naming follows similar patterns, with directories using eight-character sequences while form receiver and LiveRAT components utilize seven or nine-character names.
This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 19 Apr 2025 19:00:14 +0000