Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Redazione RHC : 1 December 2025 14:20
The underground cybercrime market continues to evolve rapidly, fueled by specialized groups designing and selling tools for increasingly sophisticated digital scams. Among these, a particularly active player in recent weeks is KrakenBite , known for offering turnkey phishing services to cybercriminals around the world.
In a recent announcement on their channels, spotted by Red Hot Cyber’s DarkLab group, the group said they had added five new phishing pages targeting Moroccan banks , bringing the total number of pages available in their “catalogue” to 115 .
The post presents a staggering list of targeted international banks: Australia, Brazil, Canada, Colombia, France, Italy, Israel, Mexico, and many other countries. For each bank listed, a phishing page is available that closely replicates the official website, aiming to steal victims’ credentials and sensitive data.
The group offers these pages as part of a paid service:
The post also contains screenshots of landing pages designed to imitate various Moroccan financial institutions such as CIH Bank, Banque Populaire, and Société Générale Maroc. The pages are aesthetically pleasing and in the local language, a sign of the group’s dedication to making their fakes as believable as possible.
The sale of phishing kits is nothing new in the world of cybercrime, but what is striking is the “corporate” approach of groups like KrakenBite.
The published message refers to:
This organization closely resembles legitimate SaaS (Software-as-a-Service) models, but transformed into PhaaS: Phishing-as-a-Service , a growing phenomenon that dramatically lowers the technical barrier for those who want to carry out cyber attacks.
Morocco has been a rapidly digitalizing banking market in recent years, with millions of users using online financial services and mobile banking.
This digital expansion, combined with increasingly credible phishing campaigns localized in the country’s language, increases the risk that inexperienced users will fall into the trap.
The fact that KrakenBite has invested in creating five new pages dedicated to Moroccan institutions is a clear indicator: there is strong demand for tools aimed precisely at that market.
For criminal groups, in fact, each country represents a specific ecosystem, and the success of scams depends on the ability to hit local targets with tailor-made tools.
The episode demonstrates once again how crucial user awareness and banks’ ability to promptly detect fraudulent campaigns based on cloned sites are.
The phishing pages in question:
In such a context, the defense inevitably passes through:
KrakenBite’s announcement further confirms the evolution of cybercrime toward increasingly industrialized and global models. Phishing is no longer the work of individual, improvised attackers, but of actual criminal “corporations” that develop, distribute, and support ready-to-use tools.
Awareness and prevention remain today more than ever the main weapons to combat these phenomena.
Redazione