Threat Actor "chucky_lucky" Selling Phishing Scripts Targeting Crypto and Indonesian Banks

"Threat Actor chucky_lucky" Selling Phishing Scripts Targeting Crypto and Indonesian Banks

Phishing attacks represent a significant and concerning form of cyber threat. In these attacks, malicious actors seek to obtain sensitive information such as passwords, credit card numbers, or other personal data by impersonating trusted entities, including banks, companies, or even friends or colleagues. They often employ highly convincing methods, such as fake emails or websites that closely mimic the genuine ones, to deceive their victims. Phishing attacks can harm both individuals and organizations by stealing valuable data or gaining access to crucial accounts, potentially causing long-term damage to online security.

One notable threat actor, known as "chucky_lucky," has been observed selling phishing pages/scripts targeting cryptocurrencies and popular websites like 1inch,, uniswap, and opensea. "Chucky_lucky" offers these scripts for $100 USD, with an additional $50 USD for installation services. Notably, the phishing script includes a feature called "Auto Report to Telegram," enabling the direct transmission of phishing results to users' Telegram accounts.

Figure 1: 1inch phishing kit

Examining samples of the phishing websites created by "chucky_lucky," it becomes evident that the appearances are remarkably convincing, making it challenging for users to distinguish them from the authentic 1inch,, or opensea websites, primarily relying on the domain used for differentiation.

Figure 2: and opensea phishing kit

Furthermore, in certain comments within the sales thread for these phishing scripts, "chucky_lucky" mentions "Available: Indonesian Bank." This raises questions regarding whether the actor also provides phishing scripts targeting Indonesian banks or other related entities.

Figure 3: Indonesa bank Available Phishing kit

If indeed "chucky_lucky" offers phishing scripts targeting Indonesian banks, it underscores the importance of heightened vigilance among Indonesian users and financial institutions. It is not only cryptocurrency users who must be cautious; individuals and organizations connected to the banking sector in Indonesia should also remain on high alert, as phishing attacks are likely to increase, targeting a broader spectrum of users.