BlackForce, GhostFrame, InboxPrime AI, and Spiderman phishing kits scaling credential theft
Malware Activity
Summary
Hide ▲
Show ▼
BlackForce, GhostFrame, InboxPrime AI, and Spiderman are newly documented phishing kits that expand credential theft at scale and make it easier to bypass MFA, impersonate brands, and target banking and email logins. BlackForce adds MitB-based OTP capture and MFA bypass, while GhostFrame hides phishing content behind an iframe delivery chain. InboxPrime AI automates mass mailing with AI-generated lures, and Spiderman clones European bank login pages and session-theft workflows for financial fraud.
Related Happenings
Indirect prompt-injection web campaigns targeting AI agents
Campaign
H score37
First: 06.07.2026 18:00
Last: 06.07.2026 18:00
Sources 1
About this happening:
**Two real-world campaigns** are using **indirect prompt injection** and **SEO poisoning** to steer **AI agents** into fraudulent actions and false legitimacy judgments. The lures...
Indirect prompt-injection web campaigns targeting AI agents
CampaignAbout this happening: **Two real-world campaigns** are using **indirect prompt injection** and **SEO poisoning** to steer **AI agents** into fraudulent actions and false legitimacy judgments. The lures...
Phantom squatting AI-hallucinated domain phishing campaign
Campaign
H score35
First: 01.07.2026 10:20
Last: 01.07.2026 10:20
Sources 1
About this happening:
A **phantom squatting** campaign is turning **AI-hallucinated domains** into live phishing and malware lures, putting **AI-referred traffic** at immediate risk. Attackers are regi...
Phantom squatting AI-hallucinated domain phishing campaign
CampaignAbout this happening: A **phantom squatting** campaign is turning **AI-hallucinated domains** into live phishing and malware lures, putting **AI-referred traffic** at immediate risk. Attackers are regi...
Hotel and hospitality photo-ZIP phishing campaign
Campaign
H score40
First: 26.06.2026 12:27
Last: 26.06.2026 12:27
Sources 1
About this happening:
An **active phishing campaign** is targeting **hotel and hospitality organizations** across **Europe and Asia**, increasing the risk of **front-desk machine compromise** and durab...
Hotel and hospitality photo-ZIP phishing campaign
CampaignAbout this happening: An **active phishing campaign** is targeting **hotel and hospitality organizations** across **Europe and Asia**, increasing the risk of **front-desk machine compromise** and durab...
OpenAI ChatGPT renderer Markdown link/image phishing security flaw
Vulnerability
H score16
First: 29.05.2026 21:07
Last: 29.05.2026 21:07
Sources 1
About this happening:
**ChatGPT** has a **response-renderer vulnerability** that turns summarized third-party pages into **live phishing links** and auto-fetched **attacker-hosted images** inside the t...
OpenAI ChatGPT renderer Markdown link/image phishing security flaw
VulnerabilityAbout this happening: **ChatGPT** has a **response-renderer vulnerability** that turns summarized third-party pages into **live phishing links** and auto-fetched **attacker-hosted images** inside the t...
FBI public service announcement on fake FIFA websites
Public Sector Action
H score21
First: 28.05.2026 22:08
Last: 28.05.2026 22:08
Sources 1
About this happening:
The **FBI** and security researchers warn that **FIFA-themed fraud** is already targeting **World Cup 2026** fans ahead of the **June 11 kickoff**. Reported activity includes **mo...
FBI public service announcement on fake FIFA websites
Public Sector ActionAbout this happening: The **FBI** and security researchers warn that **FIFA-themed fraud** is already targeting **World Cup 2026** fans ahead of the **June 11 kickoff**. Reported activity includes **mo...
Timeline
-
12.12.2025 16:04 2 articles · 6mo ago
BlackForce, GhostFrame, InboxPrime AI, and Spiderman documented
Initial DisclosureCybersecurity researchers documented BlackForce, GhostFrame, InboxPrime AI, and Spiderman as phishing kits that facilitate credential theft at scale. BlackForce uses Man-in-the-Browser (MitB) attacks to capture one-time passwords (OTPs) and bypass multi-factor authentication (MFA), GhostFrame hides phishing login content behind an embedded iframe to steal Microsoft 365 and Google credentials, InboxPrime AI automates mass mailing with AI-generated lures and Gmail web interface evasion, and Spiderman replicates European banking login pages while managing stolen session data in real time.
Show sources
- New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale — thehackernews.com — 12.12.2025 16:04
- New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale — thehackernews.com — 12.12.2025 16:04