The Glitch platform has become a target for phishing operators. Cybercriminals are actively abusing the service to host, for free, phishing sites that perform credential theft. The targets are employees of big enterprises, companies collaborating with the Middle East.
How the Abuse of the Glitch Platform Works
DomainTools researchers published a report on this topic. According to them, the phishing campaign started back in July 2021 and is still in progress.
The threat actors operate like this:
- They avoid antivirus alerts by sending e-mail messages with PDF attachments that contain no malicious code;
- What can be found in these PDFs instead is a specific link;
- This link leads to a malicious website hosted on the Glitch platform;
- Then, a landing page is displayed;
- Researchers have identified many PDFs of this kind, 70 in number;
- What set these PDFs apart was the unique URL and the e-mail correlated with each of them.

All these links are related to different “red.htm” pages hosted by Glitch. An example of a URL that can be found in this kind of PDF document, according to the