

Ethical Hacking News

Cybercriminals Leverage Webflow to Craft Sophisticated Phishing Campaigns


A new wave of sophisticated phishing attacks has been discovered, leveraging Webflow to craft convincing campaigns that target sensitive information and login credentials. As cybersecurity experts warn of the growing threat, it's essential to exercise caution when accessing important pages online.

  • Malicious actors are exploiting Webflow to create sophisticated phishing campaigns.
  • There has been a 10-fold increase in traffic to phishing pages crafted using Webflow between April and September 2024.
  • The phishing campaigns target sensitive information from cryptocurrency wallets and login credentials for multiple company webmail platforms.
  • Attackers use custom subdomains created at no additional cost through Webflow to create stealthy phishing pages.
  • The attacks have been targeted at over 120 organizations across the world, primarily in North America and Asia.
  • Cybersecurity experts warn of the growing threat and urge individuals and organizations to exercise caution when accessing important pages online.



    In a disturbing trend, cybersecurity researchers have discovered that malicious actors are exploiting the popular website builder tool Webflow to create sophisticated phishing campaigns. The malicious activities were tracked by Netskope Threat Labs researcher Jan Michael Alcantara, who noted that there has been a 10-fold increase in traffic to phishing pages crafted using Webflow between April and September 2024.

    The phishing campaigns, which target sensitive information from various cryptocurrency wallets and login credentials for multiple company webmail platforms, including Microsoft 365 login credentials, have been observed to use custom subdomains created at no additional cost through Webflow. This feature makes it easier for attackers to create stealthy phishing pages that blend in with legitimate websites.

    According to Alcantara, the attackers are using Webflow to create standalone phishing pages, as well as to redirect unsuspecting users to other phishing pages under their control. The latter allows for more complex actions to be performed, such as exfiltrating credentials and hijacking control of cryptocurrency wallets.
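    A defender can triage web proxy logs for this pattern. The sketch below is an added example, not code from Netskope or from the original article; it assumes Webflow's free subdomains live under `webflow.io`, and the watch-list, allow-list, hostnames and log lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

HOSTING_SUFFIX = ".webflow.io"  # assumption: Webflow's free subdomain suffix
# Assumption: brand/lure tokens a defender chooses to watch for (constructed).
WATCHLIST = ("microsoft", "office365", "outlook", "webmail", "wallet", "login")
# Assumption: Webflow sites the organization itself publishes (constructed).
ALLOWLIST = {"acme-marketing.webflow.io"}

# Constructed proxy log lines: timestamp, user, method, URL, status.
SAMPLE_LOG = """\
2024-10-01T09:14:02Z alice GET https://acme-marketing.webflow.io/ 200
2024-10-01T09:15:40Z bob GET https://office-365-login-example.webflow.io/signin 200
2024-10-01T09:16:11Z carol GET https://example-wallet-support.webflow.io/ 200
2024-10-01T09:17:55Z dave GET https://docs.example.com/webflow.io/guide 200
2024-10-01T09:18:03Z erin GET https://WEBMAIL-verify.WebFlow.io:443/ 302
2024-10-01T09:19:00Z frank CONNECT
"""


def normalize(label):
    """Lower-case and drop separators so 'office-365' matches 'office365'."""
    return re.sub(r"[^a-z0-9]", "", label.lower())


def triage(log_text):
    """Return (timestamp, user, host, matched_tokens) for suspicious requests."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:  # skip truncated or malformed entries
            continue
        ts, user, _method, url, _status = fields
        # Compare the parsed hostname, not the raw URL, so paths cannot spoof it.
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        if not host.endswith(HOSTING_SUFFIX) or host in ALLOWLIST:
            continue
        label = normalize(host[: -len(HOSTING_SUFFIX)])
        hits = [token for token in WATCHLIST if token in label]
        if hits:
            findings.append((ts, user, host, hits))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

    A hit is a lead for review rather than a verdict: legitimate Webflow sites can contain these tokens, so the allow-list and watch-list need tuning per organization.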

    The attacks have targeted over 120 organizations across the world, with a majority located in North America and Asia, spanning the financial services, banking, and technology sectors. Avast has also identified that chat services like LiveChat, Tawk.to, and Smartsupp are being misused as part of a cryptocurrency scam campaign dubbed CryptoCore.

    "It's essential for users to exercise caution when accessing important pages, such as their banking portal or webmail, by typing the URL directly into the web browser instead of using search engines or clicking any other links," Alcantara emphasized. He also warned that anti-bot services have become a cornerstone of complex phishing operations, which aim to prevent security crawlers from identifying and blocking malicious sites.

    The use of Webflow as a tool for crafting phishing campaigns has raised concerns among cybersecurity experts. According to Cisco Talos, the malware WarmCookie offers a variety of functionalities for adversaries, including payload deployment, file manipulation, command execution, screenshot collection, and persistence. This makes it an attractive option for attackers looking to maintain control over compromised systems.

    Researchers have also noted that WarmCookie is likely developed by the same threat actors as Resident, a post-compromise implant deployed as part of an intrusion set dubbed TA866 (aka Asylum Ambuscade), alongside the Rhadamanthys information stealer. These campaigns have targeted the manufacturing sector, followed closely by government and financial services.

    The use of Webflow for phishing campaigns highlights the evolving nature of cybersecurity threats. Cybercriminals are becoming increasingly sophisticated in their tactics, using legitimate tools to their advantage. It is essential for individuals and organizations to stay vigilant and take proactive measures to protect themselves against such threats.






  • Published: Mon Oct 28 07:25:56 2024 by llama3.2 3B Q4_K_M












