Thursday, April 18, 2024

Hackers Use Open Redirect Vulnerabilities in Online Services to Deliver Phishing Content

Researchers at Resecurity observed threat actors leveraging open redirect vulnerabilities, which are common in online services and apps, to evade spam filters and deliver phishing content. Using trusted service domains such as Snapchat and other online services, the actors create special URLs that lead to malicious resources hosting phishing kits.

The kit identified is named ‘LogoKit’, which was earlier used in attacks against Office 365, Bank of America, GoDaddy, Virgin Fly, and other financial institutions and online services.

LogoKit – Phishing Kit

LogoKit is well known for its dynamic content generation using JavaScript. It can change the logos of the impersonated service and the text on the landing pages to adapt on the fly, which makes targeted victims more likely to interact with the malicious resource.

According to the analysis, in November 2021 there were more than 700 identified domain names used in campaigns leveraging LogoKit, and the number continues to increase.

Researchers say that in this case the actors choose either to use domain names in exotic jurisdictions with relatively poor abuse management processes (.gq, .ml, .tk, .ga, .cf) or to gain unauthorized access to legitimate web resources, and then use them as hosting for further phishing distribution.

LogoKit operators send victims a personalized, specially crafted URL containing their email address. Once a victim navigates to the URL, LogoKit fetches the desired company logo from a third-party service, such as Clearbit or Google’s favicon database.

LogoKit targeting Office 365 users
Example of an email containing text and a link with an embedded link inside it

The embedded link leverages an open redirect vulnerability in Snapchat, and another URL from Google leads to a phishing resource.

The victim’s email is also auto-filled into the email or username field, tricking victims into thinking it’s a familiar site they’ve already visited and logged into. LogoKit performs an AJAX request sending their email and password to an attacker-owned server before finally redirecting the user to the corporate website they intended to visit when clicking the URL.

Threat actors do not need to change templates: the LogoKit script itself helps embed malicious scripts or host attacker infrastructure.

“Unfortunately, the use of Open Redirect vulnerabilities significantly facilitates LogoKit distribution, as many (even popular) online-services don’t treat such bugs as critical, and in some cases – don’t even patch, leaving the open door for such abuse”, Resecurity
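The chained redirect and the personalized URL described above can be checked statically by a mail filter before anything is fetched. The following is an added example, not code from Resecurity or the original article; the hostnames, paths and parameter names in the sample, and the names of the result fields, are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, quote, unquote, urlsplit

RISKY_TLDS = {"gq", "ml", "tk", "ga", "cf"}  # TLDs named in the article
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MAX_HOPS = 5  # bound on how many nested redirects are unwrapped

def embedded_urls(url):
    """Yield absolute http(s) URLs carried in query parameter values."""
    for _, value in parse_qsl(urlsplit(url).query):
        # parse_qsl percent-decodes once; try a second decode for double encoding
        for candidate in (value, unquote(value)):
            parts = urlsplit(candidate)
            if parts.scheme in ("http", "https") and parts.hostname:
                yield candidate
                break

def redirect_chain(url):
    """Statically unwrap nested redirect targets; return the hosts in order."""
    chain = []
    for _ in range(MAX_HOPS):
        host = (urlsplit(url).hostname or "").lower()
        if not host:
            break
        chain.append(host)
        url = next(embedded_urls(url), None)
        if url is None:
            break
    return chain

def assess(url):
    """Flag the traits the article describes for a link found in a mail body."""
    chain = redirect_chain(url)
    return {
        "chain": chain,
        "cross_domain_redirect": len(set(chain)) > 1,
        "risky_final_tld": bool(chain) and chain[-1].rsplit(".", 1)[-1] in RISKY_TLDS,
        "email_in_url": bool(EMAIL_RE.search(unquote(unquote(url)))),
    }

# Constructed sample: hosts, paths and parameter names are made up for illustration.
LANDING = "https://constructed-sample.tk/login#victim@corp.example"
HOP2 = "https://search.example/url?q=" + quote(LANDING, safe="")
SAMPLE = "https://trusted-service.example/out?url=" + quote(HOP2, safe="")
BENIGN = "https://corp.example/docs?page=2&ref=newsletter"

if __name__ == "__main__":
    for link in (SAMPLE, BENIGN):
        print(assess(link))
```

A link that sets all three flags matches the pattern in the article: a trusted first host, a different final host on one of the listed TLDs, and the recipient's address carried in the URL. Same-host return URLs, which are common on login pages, do not set `cross_domain_redirect`.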

Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

