Security News > 2021 > November > Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials
A long-term spear-phishing campaign is targeting employees of major corporations with emails containing PDFs that link to short-lived Glitch apps hosting credential-harvesting SharePoint phishing pages, researchers have found.
Instead, the malicious activity propagated by the PDFs is a link to Glitch apps hosting phishing pages that included obfuscated JavaScript for stealing credentials, he wrote.
The campaign appears to be targeting only employees working in the Middle East as "a single campaign" in a series of similar, SharePoint-themed phishing scams, Anderson wrote.
To understand how the campaign works, one needs to understand how the free version of Glitch works, Anderson explained.
Because of the short-lived nature of the pages being used to harvest credentials, researchers said they were challenged to find live pages serving up the ultimate payload of the campaign.
While the team still didn't find the next-stage payload, it did uncover a screenshot of the Microsoft SharePoint phishing login being used to lure the victim, he wrote.
News URL
https://threatpost.com/spear-phishing-exploits-glitch-steal-credentials/176449/
Related news
- Russian phishing campaigns exploit Signal's device-linking feature (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)