Since the initial discovery of Morphing Meerkat, a Phishing-as-a-Service (PhaaS) platform first identified in 2020, the platform has evolved significantly.

Upon inception, the platform could only mimic login pages for five different email services. Now, cyber criminal buyers who visit Morphing Meerkat’s repository can choose from over 100 different scams that they can launch against unsuspecting targets.  
 
What renders Morphing Meerkat’s platform unique is its ability to use advanced DNS reconnaissance techniques to identify a victim’s email service provider and to generate tailored phishing pages accordingly.  

The platform can dynamically create login pages that closely resemble legitimate email service interfaces, increasing the potential for successful credential harvesting.  
 
This overall approach reflects technical sophistication and represents a notable advancement in phishing methodology.  
 
Technical Mechanisms: 

As noted previously, Morphing Meerkat is adept at creating convincing phishing pages that fool users. When a user clicks on a phishing link that’s embedded within a Morphing Meerkat page, the platform queries the email domain’s DNS email exchange (MX) records to identify the specific email service provider.  
 
It then generates a login page that matches the identified service’s visual and functional characteristics. The platform also employs assorted evasion techniques, including open redirects and code obfuscation.  
 
To reduce suspicion, the platform may send users to legitimate login pages after “failed” authentication attempts.  
 
Cyber Security Implications: 
 
When cyber criminals leverage Morphing Meerkat’s platform, it is generally for the purpose of credential theft. Once credentials are collected, cyber criminals may be able to gain unauthorized access to corporate networks and sensitive information.  
 
The platform’s multi-lingual capabilities and extensive brand spoofing render it a serious concern for organizations.  
 
Cyber Security Strategy: 
 
Protecting against threats like those presented by Morphing Meerkat’s platform require a comprehensive security strategy. Organizations are broadly advised to implement strong DNS security measures.  
 
Cyber security teams should also focus on continuous monitoring, employee training and the implementation of multi-layered cybersecurity solutions.  

 Harmony Email & Collaboration 
 
The Morphing Meerkat threat underscores the critical importance of investing in advanced email security technologies.  

Check Point’s Harmony Email & Collaboration platform is specifically designed to counter sophisticated threats, like those derived through the Morphing Meerkat site.  
 
Our advanced machine learning algorithms can identify and neutralize phishing attempts that use dynamic DNS reconnaissance and multi-language spoofing techniques.  
 
In addition, Harmony Email & Collaboration’s URL protection and advanced sandboxing capabilities directly address Morphing Meerkat’s evasion techniques. 

By providing real-time, adaptive and AI-powered protection, Harmony Email & Collaboration offers proactive protection against the most sophisticated of phishing attempts.  
 
To learn more, schedule a product demo or reach out to your local Check Point representative.