Threat actors have been leveraging link wrapping services for clandestine malware delivery as part of a new phishing campaign aimed at credential exfiltration, reports The Hacker News.
Intrusions part of the campaign involved unauthorized access to email accounts with link wrapping activated, as well as multi-tiered redirect abuse where malicious links have been initially shortened before being embedded in a Proofpoint-secured account that triggers the phishing page, according to findings from the Cloudflare Email Security team. Aside from spreading malicious voicemail notification-spoofing emails that redirect to a fake Microsoft 365 phishing page, attackers have also used emails purporting to be Microsoft Teams document sharing and unread Teams messages notices. "By cloaking malicious destinations with legitimate urldefense[.]proofpoint[.]com and url[.]emailprotection URLs, these phishing campaigns' abuse of trusted link wrapping services significantly increases the likelihood of a successful attack," said Cloudflare. Such a report comes amid the growing exploitation of Scalable Vector Graphics images to launch stealthy multi-stage malware attacks.
Intrusions part of the campaign involved unauthorized access to email accounts with link wrapping activated, as well as multi-tiered redirect abuse where malicious links have been initially shortened before being embedded in a Proofpoint-secured account that triggers the phishing page, according to findings from the Cloudflare Email Security team. Aside from spreading malicious voicemail notification-spoofing emails that redirect to a fake Microsoft 365 phishing page, attackers have also used emails purporting to be Microsoft Teams document sharing and unread Teams messages notices. "By cloaking malicious destinations with legitimate urldefense[.]proofpoint[.]com and url[.]emailprotection URLs, these phishing campaigns' abuse of trusted link wrapping services significantly increases the likelihood of a successful attack," said Cloudflare. Such a report comes amid the growing exploitation of Scalable Vector Graphics images to launch stealthy multi-stage malware attacks.
