Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials
Security News, November 2021

A long-term spear-phishing campaign is targeting employees of major corporations with emails containing PDFs that link to short-lived Glitch apps hosting credential-harvesting SharePoint phishing pages, researchers have found.
Instead, the malicious content in the PDFs is a link to Glitch apps hosting phishing pages that included obfuscated JavaScript for stealing credentials, he wrote.
The campaign appears to be targeting only employees working in the Middle East as "a single campaign" in a series of similar, SharePoint-themed phishing scams, Anderson wrote.
To understand how the campaign works, one needs to understand how the free version of Glitch works, Anderson explained.
Because of the short-lived nature of the pages being used to harvest credentials, researchers said they were challenged to find live pages serving up the ultimate payload of the campaign.
While the team still didn't find the next-stage payload, it did uncover a screenshot of the Microsoft SharePoint phishing login being used to lure the victim, he wrote.
News URL
https://threatpost.com/spear-phishing-exploits-glitch-steal-credentials/176449/