Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials

2021-11-18 14:00

A long-term spear-phishing campaign is targeting employees of major corporations with emails containing PDFs that link to short-lived Glitch apps hosting credential-harvesting SharePoint phishing pages, researchers have found.

Instead, the malicious activity propagated by the PDFs is a link to Glitch apps hosting phishing pages that included obfuscated JavaScript for stealing credentials, he wrote.

The campaign appears to be targeting only employees working in the Middle East as "a single campaign" in a series of similar, SharePoint-themed phishing scams, Anderson wrote.

To understand how the campaign works, one needs to understand how the free version of Glitch works, Anderson explained.

Because of the short-lived nature of the pages being used to harvest credentials, researchers said they were challenged to find live pages serving up the ultimate payload of the campaign.

While the team still didn't find the next-stage payload, it did uncover a screenshot of the Microsoft SharePoint phishing login being used to lure the victim, he wrote.

News URL

https://threatpost.com/spear-phishing-exploits-glitch-steal-credentials/176449/

#credential #exploit #glitch #phishing #spearphishing