

Ethical Hacking News

New Methodologies and Tactics Used by Cybercriminals: A Growing Threat to Financial Security



Cybercrime continues to evolve with new tactics and methodologies being used by threat actors to deceive and exploit unsuspecting victims. A recent wave of phishing attacks has been observed, utilizing compromised accounts of legitimate hotels and accommodation providers to contact potential targets. This article provides an in-depth look at the tactics used by these attackers, including the use of GitHub links in phishing emails and the latest methods adopted by phishers. It highlights the importance of staying vigilant and taking necessary precautions to protect oneself from these types of threats.

  • Phishing attacks using compromised hotel accounts have been observed, targeting users who recently booked a stay.
  • Attackers use automated phishing page generation tools and interactive chatbots to speed up the scam process.
  • A new tax-themed malware campaign has been detected, leveraging GitHub links to bypass security measures.
  • Threat actors are using legitimate repositories like GitHub and UsTaxes to host malicious payloads.
  • New technique involves creating an issue on a well-known repository, uploading a malicious payload, and leaving the link active in phishing emails.
  • Phishing campaign uses GitHub comments to attach a file, making it difficult for users to spot the scam.
  • Phishers are using ASCII- and Unicode-based QR codes and blob URLs to evade detection and make malicious content harder to block.


    In recent months, a new wave of phishing attacks has been observed, utilizing compromised accounts of legitimate hotels and accommodation providers to contact potential targets. These scammers have become increasingly sophisticated in their tactics, using automated phishing page generation tools to speed up the scam process.

    According to researchers Jakub Souček and Radek Jizba, the attackers use their access to these accounts to single out users who recently booked a stay and haven't paid yet – or paid very recently. They then contact these users via in-platform chat, tricking them into clicking on a bogus link that prompts them to enter their financial information.

    The attackers have also developed improvements to the toolkit used for phishing attacks, including interactive chatbots that protect phishing websites against disruption by competitors. Additionally, they have expanded their focus beyond online marketplace scams to target accommodation booking platforms such as Booking.com and Airbnb.

    Furthermore, a new tax-themed malware campaign has been observed leveraging GitHub links in phishing email messages to bypass security measures and deliver Remcos RAT. This method is gaining traction among threat actors, who are using legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, and InlandRevenue to host their malicious payloads.

    The attackers have also developed a new technique for staging the malicious payloads on GitHub infrastructure. They create an issue on well-known repositories, upload a malicious payload to it, close the issue without saving it, and then leave the link to the file active and propagated via phishing emails. This approach allows them to bypass secure email gateway (SEG) security measures because GitHub is typically considered a trusted domain.

    Moreover, a phishing campaign detected by Cofense employs a similar tactic, utilizing GitHub comments to attach a file (i.e., the malware), after which the comment is deleted. The link remains active and is propagated via phishing emails, making it difficult for users to spot the scam.
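Because domain reputation alone passes these links, a mail filter can instead flag the link shape. The following is an added example, not code from the article or from Cofense; it assumes that files uploaded through a GitHub issue or comment are served under a `/<owner>/<repo>/files/<id>/<filename>` path, and the sample message and repository name are constructed.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumed path shape for files uploaded through an issue or comment box:
#   /<owner>/<repo>/files/<numeric id>/<filename>
ATTACHMENT_PATH = re.compile(r"^/([^/]+)/([^/]+)/files/(\d+)/([^/]+)$")
ARCHIVE_EXT = (".zip", ".7z", ".rar", ".iso", ".img")
URL_RE = re.compile(r"https?://[^\s<>\"')]+")

# Constructed sample message (placeholder sender, recipient and repository).
SAMPLE = """\
From: "Tax Support" <sender@example.test>
To: user@example.test
Subject: Your tax filing documents
Content-Type: text/plain; charset=utf-8

Please review the documents here:
https://github.com/example-org/example-tax-tool/files/1234567/documents.zip
Project page: https://github.com/example-org/example-tax-tool
"""


def github_attachment_links(raw_email: str) -> list[dict]:
    """Return GitHub issue/comment attachment links found in text parts."""
    msg = message_from_string(raw_email)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and binary attachments
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            parts = urlsplit(url.rstrip(".,;"))
            # Exact host match, so look-alike hosts are not treated as GitHub.
            if (parts.hostname or "").lower() != "github.com":
                continue
            m = ATTACHMENT_PATH.match(parts.path)
            if not m:
                continue  # ordinary repository link, not an uploaded file
            owner, repo, _file_id, name = m.groups()
            findings.append({
                "url": parts.geturl(),
                "repo": f"{owner}/{repo}",
                "file": name,
                "archive": name.lower().endswith(ARCHIVE_EXT),
            })
    return findings
```

A hit says only that the message links to a file uploaded through an issue or comment rather than to repository content; pairing it with the `archive` flag and sender context keeps the signal useful where such links also appear in legitimate developer mail.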

    In another development, Barracuda Networks revealed novel methods adopted by phishers, including ASCII- and Unicode-based QR codes and blob URLs as a way to make it harder to block malicious content and evade detection. The use of these techniques allows threat actors to directly link to the malware archive in the email without having to use Google redirects, QR codes, or other SEG bypass techniques.

    This growing trend of using compromised accounts and new tactics to deliver phishing attacks highlights the evolving nature of cybercrime. As technology advances, so do the methods used by cybercriminals to deceive and exploit unsuspecting victims. It is essential for users to remain vigilant and take necessary precautions to protect themselves from these types of threats.

    In response to this growing threat, it is crucial that security measures are updated and implemented to counter these new methodologies. This includes using robust SEG security measures, staying informed about the latest phishing tactics, and educating oneself on how to spot suspicious emails and attachments.

    The use of GitHub links in phishing attacks is a relatively new tactic, but its potential for bypassing security measures is significant. As threat actors continue to adapt and evolve their techniques, it is essential that cybersecurity professionals stay ahead of the curve to develop effective countermeasures.

    In conclusion, the recent wave of phishing attacks utilizing compromised accounts and GitHub links highlights the ongoing cat-and-mouse game between cybercriminals and cybersecurity experts. It is crucial that we remain vigilant and proactive in our efforts to protect ourselves from these types of threats.



    Related Information:

  • https://thehackernews.com/2024/10/github-telegram-bots-and-qr-codes.html


  • Published: Fri Oct 11 13:20:52 2024 by llama3.2 3B Q4_K_M













         

