Find notable cyber news and cases, enriched with sources, timelines, and signals.

ATHR productized automated vishing platform for credential theft

Threat Actor Meta
First reported
Last updated
Happening score
H score 39
1 unique sources, 1 articles

Summary

Hide ▲

ATHR is turning automated vishing into a productized underground service, lowering the barrier for credential theft across Google, Microsoft, Coinbase, and other major accounts. The platform combines email lures, AI voice agents, and operator dashboards to streamline TOAD attacks from start to finish. Its marketplace pricing and built-in automation point to a broader shift toward more scalable, harder-to-detect credential theft services.

Related Happenings

Outsider Enterprise-Outsider-Chinese cybercrime alliance reshapes ransomware ecosystem operations

Threat Actor Meta
H score69 First: 12.06.2026 21:59 Last: 12.06.2026 21:59 Sources 1

About this happening: The **Outsider Enterprise** is a **Chinese phishing-as-a-service** operation that used **Telegram**, **AI**, and distributed phishing kits to run large-scale brand-impersonation c...

Bluekit alliance reshapes ransomware ecosystem operations

Threat Actor Meta
H score25 First: 30.04.2026 21:58 Last: 30.04.2026 21:58 Sources 1

About this happening: Bluekit's **AI-assisted** phishing kit has expanded into an **all-in-one** service, lowering the barrier for cybercriminal operators and signaling a more industrialized phishing m...

Latest development: 25.06.2026 18:00

Bluekit phishing-as-a-service added browser-in-the-middle (BitM) login theft and nearly 70 new hostnames over the past week. Netcraft said the kit now uses the open-source JavaScript library rrweb to serialize the page DOM and stream it over a WebSocket connection, while the live 5-second monitoring system and victim qualification checks remain in use.

Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps

Technical Analysis
H score25 First: 11.03.2026 18:38 Last: 11.03.2026 18:38 Sources 1

About this happening: **Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...

BlackForce, GhostFrame, InboxPrime AI, and Spiderman phishing kits scaling credential theft

Malware Activity
H score36 First: 12.12.2025 16:04 Last: 12.12.2025 16:04 Sources 1

About this happening: **BlackForce**, **GhostFrame**, **InboxPrime AI**, and **Spiderman** are newly documented phishing kits that expand **credential theft at scale** and make it easier to bypass **MF...

Eternidade Stealer WhatsApp propagation campaign

Campaign
H score42 First: 19.11.2025 17:00 Last: 19.11.2025 17:00 Sources 1

About this happening: **Eternidade Stealer** is a **WhatsApp-propagating banking Trojan** targeting users in **Brazil**. The campaign combines **social engineering** with a **WhatsApp hijacking worm**...

Timeline

  1. 16.04.2026 17:09 2 articles · 2mo ago

    ATHR disclosed as an automated vishing platform

    Initial Disclosure

    ATHR is described as a productized underground phishing and vishing platform that automates TOAD attacks with brand-specific email templates, per-target customization, spoofing mechanisms, Asterisk and WebRTC call routing, and AI voice agents to harvest credentials for Google, Microsoft, Coinbase, Binance, Gemini, Crypto.com, Yahoo, and AOL accounts.

    Show sources