A comprehensive phishing campaign has taken advantage of the Webflow content delivery network (CDN) to steal credit card information and commit financial fraud.
“The attacker targets victims searching for documents on search engines, resulting in access to a malicious PDF that has a CAPTCHA image with a phishing link, leading them to provide sensitive information,” Netskope Threat Labs researcher Jan Michael Alcantara said.
The activity has been running since the second half of 2024. Users searching for book titles, documents, and charts on search engines such as Google are redirected to PDF files hosted on the Webflow CDN.
These PDF files come embedded with an image that mimics a CAPTCHA challenge. A user who clicks on it is taken to a phishing page which, this time, hosts a real Cloudflare Turnstile CAPTCHA.
In doing so, the attackers aim to lend the process a veneer of legitimacy, leading victims to think that they had interacted with a security check, while also evading detection by static scanners.
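A defender-side triage heuristic for the lure described above, as an added example that is not from the original article or from Netskope: it flags a PDF that carries a URI link annotation and an image but almost no text-drawing operators. The function names, the `MAX_TEXT_OPS` threshold, the `.example` URLs and the PDF fragments are assumptions constructed for illustration; the regex pass only sees raw and FlateDecode'd data, so other filters or hex-encoded strings are out of scope.

```python
import re
import zlib

# Heuristic triage for "clickable image" lure PDFs: a URI link annotation, an
# image XObject, and almost no text-drawing operators in the content streams.
LINK_RE = re.compile(rb"/Subtype\s*/Link\b")
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
IMAGE_RE = re.compile(rb"/Subtype\s*/Image\b")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\nendstream", re.S)
TEXT_OP_RE = re.compile(rb"\)\s*Tj|\]\s*TJ")
MAX_TEXT_OPS = 2  # assumed threshold; tune against your own document corpus


def inflate(data):
    """Decode a FlateDecode stream; return the bytes unchanged if not zlib."""
    try:
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return data


def triage_pdf(raw):
    """Return extracted link targets and a verdict for one PDF's raw bytes."""
    streams = [inflate(s) for s in STREAM_RE.findall(raw)]
    blob = raw + b"\n" + b"\n".join(streams)  # also covers compressed objects
    uris = sorted({u.decode("latin-1") for u in URI_RE.findall(blob)})
    text_ops = sum(len(TEXT_OP_RE.findall(s)) for s in streams)
    lure = bool(uris and LINK_RE.search(blob) and IMAGE_RE.search(blob))
    return {"uris": uris, "text_ops": text_ops,
            "suspicious": lure and text_ops <= MAX_TEXT_OPS}


# Constructed fragments (not complete PDFs, not real samples).
LURE = (b"%PDF-1.7\n"
        b"2 0 obj << /Length 34 >>\nstream\n"
        b"q 400 0 0 120 100 500 cm /Im0 Do Q\nendstream\nendobj\n"
        b"3 0 obj << /Subtype /Image /Width 400 /Height 120 >>\nstream\n"
        b"\x00\x01\x02\x03\nendstream\nendobj\n"
        b"4 0 obj << /Type /Annot /Subtype /Link /Rect [100 500 500 620]\n"
        b"  /A << /S /URI /URI (https://phish.example/verify) >> >> endobj\n")
BENIGN = (b"%PDF-1.7\n2 0 obj << /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(b"BT (Chapter 1) Tj (Intro) Tj (Body) Tj (More) Tj ET")
          + b"\nendstream\nendobj\n"
          b"3 0 obj << /Subtype /Image >> endobj\n"
          b"4 0 obj << /Subtype /Link /A << /URI (https://docs.example/) >> >> endobj\n")

if __name__ == "__main__":
    for name, pdf in (("lure", LURE), ("benign", BENIGN)):
        print(name, triage_pdf(pdf))
```

The extracted `uris` list is the useful output for follow-up: the link target can be checked against reputation data or detonated in a sandbox, which is where a real Turnstile gate would otherwise stop a static scanner.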
Users who complete the actual CAPTCHA challenge are then redirected to a page that includes a “download” button to reach the alleged document. However, when victims try to complete the step, they are shown a pop-up message asking them to enter their personal and credit card details.
“On entering the credit card details, the attacker would send an error message to indicate that it was not accepted,” Michael Alcantara said. “If the victim submits his credit card details two or three times, they will be redirected to the HTTP 500 error page.”
This development comes as SlashNext detailed a new phishing kit called Astaroth (not to be confused with the banking malware of the same name) that is advertised on Telegram and cybercrime marketplaces for $2,000 in exchange for six months of updates and bypass techniques.
Like other phishing-as-a-service offerings, it allows cyber miscreants to harvest credentials and two-factor authentication (2FA) codes through bogus login pages that mimic popular online services.
“Astaroth uses an Evilginx-style reverse proxy to intercept and manipulate traffic between victims and legitimate authentication services such as Gmail, Yahoo and Microsoft,” security researcher Daniel Kelley said. “Acting as a man-in-the-middle, it captures login credentials, tokens, and session cookies, effectively bypassing 2FA.”