Date: 2025-02-21

Phishing, Threat Intelligence

Phishing campaign exploits Webflow CDN to steal credit card data

Researchers at Netskope Threat Labs have identified a phishing campaign that uses malicious PDF files hosted on the Webflow content delivery network to trick users into providing credit card information, reports The Hacker News.

According to the researchers, the attack primarily targets individuals who are searching for documents, book titles, and charts on search engines like Google. Victims are redirected to a PDF file containing a fake CAPTCHA challenge linked to a phishing page.

To enhance credibility, the attackers use a real Cloudflare Turnstile CAPTCHA before directing victims to a fraudulent download page. Upon clicking the "download" button, users receive a pop-up requesting personal and credit card details. The victim will then encounter an error message, forcing them to enter their card details multiple times before they are ultimately shown an HTTP 500 error page.

Meanwhile, a new phishing kit, Astaroth, is being sold on cybercrime marketplaces for $2,000. This phishing-as-a-service tool intercepts login credentials and two-factor authentication codes by acting as a reverse proxy between users and legitimate authentication services, such as Gmail and Microsoft. Security researchers warn that such sophisticated tactics make phishing attacks harder to detect and prevent.


