In the screenshot, the generic phishing web page has turned into a fake Google login page | Source: CloudSEK
The CloudSEK Threat Research Team has revealed a new trend in phishing campaigns: generic phishing pages capable of impersonating any brand by dynamically adapting to the targeted victim. Leveraging free platforms such as Cloudflare's Workers.dev and tools such as Thum.io, these pages trick users into surrendering credentials, posing a significant threat to businesses and individuals alike.
The generic phishing page, hosted at URLs such as workers-playground-broken-king-d18b.supermissions.workers.dev, is designed to steal credentials by mimicking login pages. According to CloudSEK, "The phishing site takes a screenshot of the domain found in the targeted user's email address (e.g. google.com) using thum.io (a free website screenshot generator) and uses it as the background of the phishing site to deceive unsuspecting users." This lets a single page dynamically impersonate platforms such as Google or Microsoft.
The phishing page derives the screenshot of the legitimate brand's website from the email domain supplied in the URL. For example, appending #user@google.com to the URL produces a fake Google login page. Because browsers never send the part of a URL after # to the server, the page reads that fragment client-side with JavaScript. Once the victim enters their credentials, the information is sent to a remote endpoint controlled by the attackers, which CloudSEK identified as hxxps://kagn[.]org/zebra/nmili-wabmall.php. The page relies on obfuscated JavaScript (myscr939830.js) to evade detection. However, CloudSEK notes, "The JavaScript was not sophisticated and was easily deobfuscated," revealing the phishing page's functionality.
Further analysis showed the phishing scripts hosted on several platforms, including Cloudflare's R2 storage and a Web3 blockchain storage service. The exfiltration domain, kagn[.]org, was registered six years ago and is believed to have been compromised and backdoored by the attackers.
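As an added example (not code from the CloudSEK report or from the phishing kit itself), the following Python helper shows how a mail-gateway or SOC triage script could flag URLs that fit the pattern described above: a page on free hosting whose URL fragment carries an email address, from which the impersonated brand can be read off directly. The Workers.dev hostname from the report is reused; every other URL, the `.r2.dev` public-bucket suffix for Cloudflare R2, the verdict labels and the sample input are assumptions constructed for this demo.

```python
import re
from urllib.parse import urlsplit, unquote

# Hosting suffixes the report associates with the kit (Workers.dev pages,
# R2-hosted scripts). The ".r2.dev" public-bucket suffix is an assumption
# added for the example; tune this list to your own telemetry.
FREE_HOST_SUFFIXES = (".workers.dev", ".r2.dev")

# A bare email address: local part, "@", then a registrable-looking domain.
EMAIL_RE = re.compile(
    r"^([^@\s/?#]+)@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,})$"
)


def fragment_email(url: str):
    """Return (local_part, domain) when the URL fragment is an email address.

    The fragment is passed through unquote() so '%40' and '@' are treated
    alike. Browsers never send the fragment to the server, so this check
    only works on the URL as it appeared in the message or in click
    telemetry, not on web-server or proxy logs.
    """
    frag = unquote(urlsplit(url).fragment)
    m = EMAIL_RE.match(frag)
    if not m:
        return None
    return m.group(1), m.group(2).lower()


def on_free_hosting(host: str) -> bool:
    """True when the host sits under one of the free hosting suffixes."""
    host = host.lower().rstrip(".")
    return any(host == s[1:] or host.endswith(s) for s in FREE_HOST_SUFFIXES)


def assess_url(url: str) -> dict:
    """Score one URL for the brand-agnostic phishing page pattern."""
    host = urlsplit(url).hostname or ""
    email = fragment_email(url)
    free = on_free_hosting(host)
    result = {
        "url": url,
        "host": host,
        "free_hosting": free,
        "fragment_email": email is not None,
        "impersonated_domain": email[1] if email else None,
    }
    if free and email:
        result["verdict"] = "block"    # both indicators present
    elif email:
        result["verdict"] = "review"   # email in fragment on other hosting
    else:
        result["verdict"] = "allow"
    return result


def triage(urls):
    """Return assessments for every URL that is not clean, worst first."""
    order = {"block": 0, "review": 1, "allow": 2}
    flagged = [assess_url(u) for u in urls]
    flagged = [r for r in flagged if r["verdict"] != "allow"]
    return sorted(flagged, key=lambda r: order[r["verdict"]])


# Constructed sample: URLs as a mail gateway might extract them from message
# bodies. The first host is the Workers.dev page named in the report; the
# rest are made up for the demo.
SAMPLE_URLS = [
    "https://workers-playground-broken-king-d18b.supermissions.workers.dev/#user@google.com",
    "https://pub-0123456789abcdef.r2.dev/login.html#alice%40contoso.com",
    "https://cdn.example.net/app/#bob@fabrikam.com",
    "https://accounts.google.com/signin#identifier",
    "https://www.example.com/docs#section-2",
]

if __name__ == "__main__":
    for r in triage(SAMPLE_URLS):
        print(f"{r['verdict']:6} {r['host']:60} impersonates={r['impersonated_domain']}")
```

Because the fragment after # is never transmitted, this check has to run on URLs taken from message bodies or from click telemetry; web-proxy and server logs will only ever show the workers.dev host. The combination of indicators is what matters: thum.io is a legitimate screenshot service and Workers.dev hosts plenty of benign pages, so blocking either on its own would cause collateral damage.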