Webflow sites used to trick victims into sharing login details

3 weeks ago

Image depicting hands typing connected a keyboard, pinch phishing hooks holding files, passwords and in installments cards.

(Image credit: Shutterstock / janews)

Webflow is increasing progressively celebrated among cybercriminals phishing for cryptocurrency wallet information, login credentials, and more, experts person warned.

A report from Netskope Threat Labs claims that betwixt April and September 2024, it observed a ten-fold summation successful postulation to phishing pages created successful Webflow.

Webflow is simply a website builder creation and improvement level that allows users to visually build responsive websites without coding, while besides offering hosting and contented guidance features.

Smash and grab

The extremity of nan run is, first and foremost, to get cryptocurrency wallet information. By tricking victims into sharing seed phrases and login credentials for Coinbase, MetaMask, Phantom, Trezor, aliases Bitbuy, nan crooks tin summation afloat power complete nan wallets and drain them of immoderate funds, aliases NFTs.

Besides crypto wallets, nan miscreants were besides hunting for credentials for aggregate institution webmail platforms, arsenic good arsenic Microsoft 365 login credentials.

In total, much than 120 organizations worldwide person been targeted, pinch nan mostly being located successful North America, and Asia. Usually, nan crooks were going for organizations successful financial services, banking, and technology.

“Attackers maltreatment Webflow successful 2 ways,” Netskope’s researchers claim. “Creating standalone phishing pages and utilizing Webflow pages to redirect victims to phishing pages hosted elsewhere.” The erstwhile is much stealth-oriented, since it contains nary phishing lines of code, and frankincense cannot beryllium spotted by accustomed information scanners. The latter, connected nan different hand, provides much elasticity and allows for much analyzable attacks.

Sign up to nan TechRadar Pro newsletter to get each nan apical news, opinion, features and guidance your business needs to succeed!

Webflow besides provided civilization publically accessible subdomains without further cost, which nan crooks happily used.

What makes nan phishing sites easy to spot is nan measurement they mimic morganatic pages. Crooks would simply drawback a full-screen screenshot of nan morganatic app’s homepage, and usage that connected their ain site. Some pages simply redirected group from this image to nan existent phishing page hosted elsewhere.

Therefore, if you spot that a website’s homepage is not interactive astatine all, and behaves arsenic a azygous image, beryllium observant - you’re astir apt being targeted.

More from TechRadar Pro

Official Lego website hacked to beforehand crypto scam
Here's a database of nan best firewalls today
These are nan best endpoint protection tools correct now

Sead is simply a seasoned freelance journalist based successful Sarajevo, Bosnia and Herzegovina. He writes astir IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, information breaches, laws and regulations). In his career, spanning much than a decade, he’s written for galore media outlets, including Al Jazeera Balkans. He’s besides held respective modules connected contented penning for Represent Communications.

Source Technology