ATHR productized automated vishing platform for credential theft
Threat Actor Meta
Summary
Hide ▲
Show ▼
ATHR is turning automated vishing into a productized underground service, lowering the barrier for credential theft across Google, Microsoft, Coinbase, and other major accounts. The platform combines email lures, AI voice agents, and operator dashboards to streamline TOAD attacks from start to finish. Its marketplace pricing and built-in automation point to a broader shift toward more scalable, harder-to-detect credential theft services.
Related Happenings
Outsider Enterprise-Outsider-Chinese cybercrime alliance reshapes ransomware ecosystem operations
Threat Actor Meta
H score69
First: 12.06.2026 21:59
Last: 12.06.2026 21:59
Sources 1
About this happening:
The **Outsider Enterprise** is a **Chinese phishing-as-a-service** operation that used **Telegram**, **AI**, and distributed phishing kits to run large-scale brand-impersonation c...
Outsider Enterprise-Outsider-Chinese cybercrime alliance reshapes ransomware ecosystem operations
Threat Actor MetaAbout this happening: The **Outsider Enterprise** is a **Chinese phishing-as-a-service** operation that used **Telegram**, **AI**, and distributed phishing kits to run large-scale brand-impersonation c...
Bluekit alliance reshapes ransomware ecosystem operations
Threat Actor Meta
H score25
First: 30.04.2026 21:58
Last: 30.04.2026 21:58
Sources 1
About this happening:
Bluekit's **AI-assisted** phishing kit has expanded into an **all-in-one** service, lowering the barrier for cybercriminal operators and signaling a more industrialized phishing m...
Bluekit alliance reshapes ransomware ecosystem operations
Threat Actor MetaAbout this happening: Bluekit's **AI-assisted** phishing kit has expanded into an **all-in-one** service, lowering the barrier for cybercriminal operators and signaling a more industrialized phishing m...
Latest development: 25.06.2026 18:00
Bluekit phishing-as-a-service added browser-in-the-middle (BitM) login theft and nearly 70 new hostnames over the past week. Netcraft said the kit now uses the open-source JavaScript library rrweb to serialize the page DOM and stream it over a WebSocket connection, while the live 5-second monitoring system and victim qualification checks remain in use.
Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical Analysis
H score25
First: 11.03.2026 18:38
Last: 11.03.2026 18:38
Sources 1
About this happening:
**Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...
Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical AnalysisAbout this happening: **Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...
BlackForce, GhostFrame, InboxPrime AI, and Spiderman phishing kits scaling credential theft
Malware Activity
H score36
First: 12.12.2025 16:04
Last: 12.12.2025 16:04
Sources 1
About this happening:
**BlackForce**, **GhostFrame**, **InboxPrime AI**, and **Spiderman** are newly documented phishing kits that expand **credential theft at scale** and make it easier to bypass **MF...
BlackForce, GhostFrame, InboxPrime AI, and Spiderman phishing kits scaling credential theft
Malware ActivityAbout this happening: **BlackForce**, **GhostFrame**, **InboxPrime AI**, and **Spiderman** are newly documented phishing kits that expand **credential theft at scale** and make it easier to bypass **MF...
Eternidade Stealer WhatsApp propagation campaign
Campaign
H score42
First: 19.11.2025 17:00
Last: 19.11.2025 17:00
Sources 1
About this happening:
**Eternidade Stealer** is a **WhatsApp-propagating banking Trojan** targeting users in **Brazil**. The campaign combines **social engineering** with a **WhatsApp hijacking worm**...
Eternidade Stealer WhatsApp propagation campaign
CampaignAbout this happening: **Eternidade Stealer** is a **WhatsApp-propagating banking Trojan** targeting users in **Brazil**. The campaign combines **social engineering** with a **WhatsApp hijacking worm**...
Timeline
-
16.04.2026 17:09 2 articles · 2mo ago
ATHR disclosed as an automated vishing platform
Initial DisclosureATHR is described as a productized underground phishing and vishing platform that automates TOAD attacks with brand-specific email templates, per-target customization, spoofing mechanisms, Asterisk and WebRTC call routing, and AI voice agents to harvest credentials for Google, Microsoft, Coinbase, Binance, Gemini, Crypto.com, Yahoo, and AOL accounts.
Show sources
- New ATHR vishing platform uses AI voice agents for automated attacks — www.bleepingcomputer.com — 16.04.2026 17:09
- New ATHR vishing platform uses AI voice agents for automated attacks — www.bleepingcomputer.com — 16.04.2026 17:09