Cybersecurity researchers have identified a phishing-as-a-service (PhaaS) platform named Morphing Meerkat that uses DNS MX records to deliver fake login pages impersonating 114 brands. This tactic enables highly targeted phishing campaigns, often using compromised domains and open redirects. Victims are lured to phishing sites, and stolen credentials are exfiltrated via Telegram. Enhanced anti-analysis measures also obscure the malicious activity.

‍