• by Ray Schultz , August 14, 2023

Cybersecurity firm Trend Micro Inc. has helped Interpol disable 16shop, a prolific phishing-as-a-service (PaaS) operation, the company said on Monday. 

16shop is suspected of enabling phishing attacks on over 70,000 victims in 43 countries.

Trend Micro was approached by Interpol in 2020 regarding threat intelligence on 16shop, an alleged phishing-as-a-service (PaaS) operation.

That platform sold phishing kits designed to lower the barrier to entry to budding cybercriminals, Trend Micro says. 

Trend Micro reported to Interpol that:

• 16shop-supported attacks were particularly prevalent in Japan, the U.S. and Germany.
• Customers of 16shop could create phishing pages to harvest Amazon, American Express, PayPal, Apple, and CashApp credentials and U.S. banking logins.
• The platform automatically localized the language of phishing sites.
• The platform had features designed to thwart analysis — i.e.,  anti-sandboxing and geolocated access restrictions.

16shop's web infrastructure was hosted on numerous legitimate cloud providers, Trend Micro says.

The site was active from 2018 until at least 2021, and copycat sites likely sprung up after that. 

The intelligence provided by Trend Micro resulted in the arrest of three parties, including the suspected administrator of 16shop and two suspects in Indonesia and Japan. 

As this takedown proves once again, public-private partnerships backed by powerful threat intelligence can be a force multiplier for international cybercrime investigations," says Jon Clay, vice president of threat intelligence at Trend Micro.