Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials (Security News, November 2021)
A long-term spear-phishing campaign is targeting employees of major corporations with emails containing PDFs that link to short-lived Glitch apps hosting credential-harvesting SharePoint phishing pages, researchers have found.
The malicious activity propagated by the PDFs is a link to Glitch apps hosting phishing pages that included obfuscated JavaScript for stealing credentials, he wrote.
The campaign appears to be targeting only employees working in the Middle East as "a single campaign" in a series of similar, SharePoint-themed phishing scams, Anderson wrote.
To understand how the campaign works, one needs to understand how the free version of Glitch works, Anderson explained.
Because of the short-lived nature of the pages being used to harvest credentials, researchers said they were challenged to find live pages serving up the ultimate payload of the campaign.
While the team still didn't find the next-stage payload, it did uncover a screenshot of the Microsoft SharePoint phishing login being used to lure the victim, he wrote.
News URL
https://threatpost.com/spear-phishing-exploits-glitch-steal-credentials/176449/