Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials

Threat actors are targeting Middle-East-based employees of major corporations in a scam that uses a specific ‘ephemeral’ aspect of the project-management tool to link to SharePoint phishing pages.

A long-term spear-phishing campaign is targeting employees of major corporations with emails containing PDFs that link to short-lived Glitch apps hosting credential-harvesting SharePoint phishing pages, researchers have found.

Researchers from DomainTools discovered the suspicious PDFs – which themselves do not include malicious content – back in July, wrote Senior Security Researcher Chad Anderson, in a report published Thursday.

Instead, the PDFs carry a link to Glitch apps hosting phishing pages that included obfuscated JavaScript for stealing credentials, he wrote. Glitch is a Web-based project-management tool with a built-in code editor for running and hosting software projects ranging from simple websites to large applications.

The campaign appears to be targeting only employees working in the Middle East as “a single campaign” in a series of similar, SharePoint-themed phishing scams, Anderson wrote.
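A defender-side triage sketch for the PDF-to-Glitch link chain described above, added here as an example and not taken from the DomainTools report: it pulls link targets out of a PDF, including ones inside Flate-compressed streams, and flags any that point at a watched app-hosting domain. The `glitch.me` suffix (the domain Glitch serves hosted apps from), the function names and the sample bytes are assumptions of this example.

```python
import re
import zlib
from urllib.parse import urlsplit

# Assumption: Glitch serves hosted apps under this suffix; add others as needed.
WATCHED_SUFFIXES = ("glitch.me",)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)

def inflate_streams(data: bytes) -> bytes:
    """Inflate every stream that is Flate data, so links in object streams show up."""
    out = []
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates trailing or clipped bytes around the stream
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue  # image, font, encrypted or otherwise not Flate
    return b"\n".join(out)

def extract_uris(pdf_bytes: bytes) -> list:
    """Return unique /URI action targets, in order of first appearance."""
    haystack = pdf_bytes + b"\n" + inflate_streams(pdf_bytes)
    uris = []
    for m in URI_RE.finditer(haystack):
        raw = re.sub(rb"\\(.)", rb"\1", m.group(1), flags=re.DOTALL)  # drop PDF backslash escapes
        uri = raw.decode("latin-1")
        if uri not in uris:
            uris.append(uri)
    return uris

def flag_watched(uris):
    """Keep URIs whose host is a watched suffix or a subdomain of one."""
    hits = []
    for uri in uris:
        host = (urlsplit(uri).hostname or "").lower().rstrip(".")
        if any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES):
            hits.append(uri)
    return hits

def build_sample() -> bytes:
    """Constructed PDF-like bytes: one plain link, one inside a Flate stream."""
    hidden = zlib.compress(b"<< /S /URI /URI (https://constructed-example.glitch.me/login.html) >>")
    return (b"%PDF-1.5\n1 0 obj\n<< /S /URI /URI (https://intranet.example.com/doc) >>\nendobj\n"
            b"2 0 obj\n<< /Filter /FlateDecode /Length " + str(len(hidden)).encode()
            + b" >>\nstream\n" + hidden + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for link in flag_watched(extract_uris(build_sample())):
        print("watched host in PDF link:", link)
```

A hit only says the PDF links to a watched hosting domain; encrypted PDFs and streams using filters other than Flate are not decoded by this sketch.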

Abusing Glitch

To understand how the campaign works, one needs to understand how the free version of Glitch works, Anderson explained. The platform allows an app to operate for five

Read More: https://threatpost.com/spear-phishing-exploits-glitch-steal-credentials/176449/