A recent phishing campaign has been uncovered by Netskope Threat Labs, highlighting a sophisticated technique where attackers exploit Webflow’s Content Delivery Network (CDN) and fake CAPTCHAs to steal sensitive financial information. This campaign, ongoing since the second half of 2024, targets users searching for documents on search engines, leading them to malicious PDFs hosted on Webflow’s CDN. Users must remain vigilant when interacting with documents found through search engines and be cautious of requests for sensitive information, especially when prompted by unfamiliar websites. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Attackers manipulate SEO by embedding targeted keywords in malicious PDFs, making them appear in search results for common queries like book titles or charts. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Netskope analysts noted the the campaign exploits Webflow CDN (assets.website-files[.]com) to host these malicious PDFs. Netskope Threat Labs reported the malicious URLs to Webflow on January 23, 2025, as part of their ongoing efforts to combat these threats. These PDFs contain fake CAPTCHA images with embedded phishing links, tricking users into clicking. The use of fake CAPTCHAs and SEO manipulation in phishing attacks clearly presents the evolving sophistication of cyber threats. To add legitimacy, the phishing site redirects users to a real Cloudflare Turnstile CAPTCHA before leading them to a fraudulent document access page.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 13 Feb 2025 13:10:24 +0000