Navy Federal Credit Union phishing kit cloned with Save Page WE.
The kit uses the obfuscated function _f0 to send credentials to a telegram chat.
Save Page WE is a chrome extension used by phishers to clone a target website and save it as a single HTML file
title: Navy Federal Credit Union Phishing Kit 7fh9xqpk
description: |
Navy Federal Credit Union phishing kit cloned with Save Page WE.
The kit uses the obfuscated function `_f0` to send credentials to a telegram chat.
Save Page WE is a chrome extension used by phishers to clone a target website and save it as a single HTML file
references:
- https://urlscan.io/result/0b9420f8-5aa2-442f-9e0c-ec3813aaea2a
- https://urlscan.io/result/65e0bb5b-76f0-45a1-a60f-af9971ea83ca
related:
- id: savepage-we
detection:
pageTitle:
title: "Navy Federal Credit Union - Our Members are the Mission®"
cloned:
dom|contains: "Thu Mar 25 2021 16:38:13 GMT+0300 (East Africa Time)"
javascript:
js|contains|all:
- "sendEmail"
- "function _f0"
condition: all of them
tags:
- kit
- target.navyfederal