A widespread phishing campaign has been observed using the Webflow content delivery network (CDN) with the aim of stealing credit card information and committing financial fraud.
“The attacker targets victims searching for documents on search engines, leading them to a malicious PDF that contains a CAPTCHA image embedded with a phishing link, which leads them to provide sensitive information,” Netskope threat researcher Jan Michael Alcantara noted.
The activity, ongoing since the second half of 2024, involves users who look for book titles, documents and charts on search engines such as Google being redirected to PDF files hosted on the Webflow CDN.
These PDF files carry an embedded image that mimics a CAPTCHA challenge. Users who click on it are taken to a phishing page that, this time, hosts a real Cloudflare Turnstile CAPTCHA.
In doing so, the attackers aim to lend the process a veneer of legitimacy, tricking victims into thinking they have interacted with a security check while also evading detection by static scanners.
Users who complete the genuine CAPTCHA challenge are subsequently redirected to a page that includes a “download” button to access the intended document. However, when victims try to complete that step, they are shown a pop-up message asking them to enter their personal and credit card details.
“After entering the credit card details, the attacker will send an error message to show that it was not accepted,” Alcantara said. “If the victim provides their credit card data two more times, they will be redirected to the HTTP 500 error page.”
The development comes as SlashNext described a new phishing kit called Astaroth (not to be confused with the banking malware of the same name), which is advertised on Telegram and cybercrime marketplaces for $2,000 in exchange for six months of updates and bypass techniques.
As a phishing-as-a-service (PhaaS) offering, it lets cyber crooks harvest credentials and two-factor authentication (2FA) codes through fake login pages that mimic popular online services.
“Astaroth uses an Evilginx-style reverse proxy to intercept and manipulate traffic between victims and legitimate authentication services such as Gmail, Yahoo and Microsoft,” security researcher Daniel Kelley noted. “Acting as a man-in-the-middle, it captures credentials, tokens and sessions in real time, effectively bypassing 2FA.”