Security News > 2021 > November > Glitch service abused to host short-lived phishing sites
Phishing actors are now actively abusing the Glitch platform to host short-lived credential-stealing URLs for free while evading detection and takedowns.
Glitch is a cloud hosting service that allows people to deploy apps and websites using Node.js, React, and other development platforms.
Because Glitch is a generally trustworthy platform, network security tools treat its domains favorably, not serving warnings when visiting the site.
This favorable view by security platforms combined with the short-lived URLs and the fact that threat actors can host them for free makes Glitch an excellent target for abuse by phishing actors.
By digging deeper, DomainTools found a live Glitch site linked to a commercial malware sandbox service containing a screenshot of a Microsoft SharePoint phishing login page.
The threat actors hosted these documents on various services similar to Glitch, such as Heroku, or through content distribution networks like SelCDN. This means that Glitch was only one of the many channels the phishing actors abused to evade detection and steal credentials.