Webflow is increasing progressively celebrated among cybercriminals phishing for cryptocurrency wallet information, login credentials, and more, experts person warned.
A report from Netskope Threat Labs claims that betwixt April and September 2024, it observed a ten-fold summation successful postulation to phishing pages created successful Webflow.
Webflow is simply a website builder creation and improvement level that allows users to visually build responsive websites without coding, while besides offering hosting and contented guidance features.
Smash and grab
The extremity of nan run is, first and foremost, to get cryptocurrency wallet information. By tricking victims into sharing seed phrases and login credentials for Coinbase, MetaMask, Phantom, Trezor, aliases Bitbuy, nan crooks tin summation afloat power complete nan wallets and drain them of immoderate funds, aliases NFTs.
Besides crypto wallets, nan miscreants were besides hunting for credentials for aggregate institution webmail platforms, arsenic good arsenic Microsoft 365 login credentials.
In total, much than 120 organizations worldwide person been targeted, pinch nan mostly being located successful North America, and Asia. Usually, nan crooks were going for organizations successful financial services, banking, and technology.
“Attackers maltreatment Webflow successful 2 ways,” Netskope’s researchers claim. “Creating standalone phishing pages and utilizing Webflow pages to redirect victims to phishing pages hosted elsewhere.” The erstwhile is much stealth-oriented, since it contains nary phishing lines of code, and frankincense cannot beryllium spotted by accustomed information scanners. The latter, connected nan different hand, provides much elasticity and allows for much analyzable attacks.
Webflow besides provided civilization publically accessible subdomains without further cost, which nan crooks happily used.
What makes nan phishing sites easy to spot is nan measurement they mimic morganatic pages. Crooks would simply drawback a full-screen screenshot of nan morganatic app’s homepage, and usage that connected their ain site. Some pages simply redirected group from this image to nan existent phishing page hosted elsewhere.
Therefore, if you spot that a website’s homepage is not interactive astatine all, and behaves arsenic a azygous image, beryllium observant - you’re astir apt being targeted.
More from TechRadar Pro
- Official Lego website hacked to beforehand crypto scam
- Here's a database of nan best firewalls today
- These are nan best endpoint protection tools correct now