Security News > 2022 > August > Phishing attack abuses Microsoft Azure, Google Sites to steal crypto

A new large-scale phishing campaign targeting Coinbase, MetaMask, Kraken, and Gemini users is abusing Google Sites and Microsoft Azure Web App to create fraudulent sites.
Posting links to phishing pages on various legitimate sites aims to increase traffic and boost the malicious site's search engine rankings.
Because the phishing sites are hosted in Microsoft and Google services, they aren't flagged by automated moderator systems, allowing promotional messages to stay in the comment section for longer.
Google Sites is a free web page creation tool, part of Google's online service suite, allowing users to create websites and host them on Google Cloud or other providers.
The sites are just landing pages, and their visitors are redirected to the actual phishing sites when they click on the "Login" buttons.
For the crypto exchange phishing pages, the threat actors attempt to steal their login credentials.
News URL
Related news
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Microsoft: New RAT malware used for crypto theft, reconnaissance (source)
- Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets (source)
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- Microsoft’s new AI agents take on phishing, patching, alert fatigue (source)