Threat actors are targeting Middle-East-based employees of major corporations in a scam that uses a specific ‘ephemeral’ aspect of the project-management tool to link to SharePoint phishing pages.
A long-term spear-phishing campaign is targeting employees of major corporations with emails containing PDFs that link to short-lived Glitch apps hosting credential-harvesting SharePoint phishing pages, researchers have found.
Researchers from DomainTools discovered the suspicious PDFs – which themselves do not include malicious content – back in July, wrote Senior Security Researcher Chad Anderson, in a report published Thursday.
The campaign appears to be targeting only employees working in the Middle East as “a single campaign” in a series of similar, SharePoint-themed phishing scams, Anderson wrote.
To understand how the campaign works, one needs to understand how the free version of Glitch works, Anderson explained. The platform allows an app to operate for five