fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Glitch Service Abused to Host Short-Lived Phishing Sites

Glitch Service Abused to Host Short-Lived Phishing Sites

Phishing actors are now actively abusing the Glitch platform to host short-lived credential-stealing URLs for free while evading detection and takedowns.

The recent campaigns are targeting employees at major corporations who work with the Middle East.

Based on an analysis by the DomainTools research team, this phishing campaign started in July 2021 and is still ongoing.

“Clean” PDFs that evade detection

The actors send emails with PDF document attachments that do not contain any malicious code, so no antivirus alerts are generated.

Also Read: 5 Tips In Using Assessment Tools To A Successful Businesses

Instead, these PDFs contain a link that directs the user to a page hosted at Glitch, which would display a landing page.

An example of the URL embedded in these PDF documents is shown below:

https://spot-truthful-patio[.]glitch.me/red.htm#%[email protected]

DomainTools sourced 70 PDFs of this type and found that they all used a unique email and URL to link to various Glitch-hosted “red.htm” pages.

List of sites where PDFs point to
List of sites where PDFs point to
Source: DomainTools

Abusing Glitch

Glitch is a cloud hosting service that allows people to deploy apps and websites using Node.js, React, and other development platforms.

This platform is enticing for phishing attacks because they offer a free version that lets users create an app/page and keep it live on the web for five minutes. After that, the user has to enable it again manually.

Because Glitch is a generally trustworthy platform, network security tools treat its domains favorably, not serving warnings when visiting the site.

This favorable view by security platforms combined with the short-lived URLs and the fact that threat actors can host them for free makes Glitch an excellent target for abuse by phishing actors.

By digging deeper, DomainTools found a live Glitch site linked to a commercial malware sandbox service containing a screenshot of a Microsoft SharePoint phishing login page.

Also Read: Intrusion Into Privacy All About Law And Legal Definition

SharePoint phishing page
SharePoint phishing page
Source: DomainTools

The PDF document that led there had been submitted to VirusTotal so that researchers could tie the sample to several HTML documents.

After pulling these pages, the researchers found chunks of obfuscated JavaScript used for exfiltrating credentials to an email address after passing them through compromised WordPress sites.

The deobfuscation revealed an Outlook email address that received the stolen credentials, which led to the discovery of a set of additional PDFs created in September 2021.

The JavaScript code used for URL re-direction
The JavaScript code used for URL re-direction
Source: DomainTools

The threat actors hosted these documents on various services similar to Glitch, such as Heroku, or through content distribution networks like SelCDN.

This means that Glitch was only one of the many channels the phishing actors abused to evade detection and steal credentials.

DomainTools has reached out to Glitch to inform them of their findings but hasn’t received a response yet.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us