Yesterday we reported on a phishing attack that uses the Azure Blob storage solution so that its login forms are secured by a Microsoft-issued SSL certificate. After reviewing the URLs used by the same attacker, BleepingComputer noticed that these bad actors are also using the Cloudflare IPFS gateway for the same purpose.

Last month Cloudflare released an IPFS gateway that allows users to access content stored on the IPFS distributed file system through a web browser. As part of this implementation, all connections to the IPFS gateway are secured using SSL certificates issued by Cloudflare.

By storing the HTML for phishing scams on IPFS, the attackers can then use Cloudflare's IPFS gateway to display the stored HTML document. For example, this attacker is using the gateway to display a phishing form. The benefit of doing this is that the form is then served over a connection secured by an SSL certificate issued by a well-known company like Cloudflare, which could help convince users that the form is legitimate.

When the user submits the form, their phone number and email are sent to a page operated by the attackers at searchurl.bid. The user is then redirected to a PDF titled "Business Models, Business Strategy and Innovation".
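The pattern described above (a form served from a trusted shared-content host that posts contact or credential fields to an unrelated domain) can be checked for mechanically. The following is an added example, not code from the original report; the hostnames in `SHARED_HOSTS`, the sample URL, and `collector.example` are assumptions or constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: shared-content hosts to watch; not named on the page, extend as needed.
SHARED_HOSTS = ("cloudflare-ipfs.com", "blob.core.windows.net")
SENSITIVE_TYPES = {"email", "tel", "password"}

class FormCollector(HTMLParser):
    """Record each form's action and the input types inside it."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "types": set()}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["types"].add((a.get("type") or "text").lower())
    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def suspicious_forms(page_url, html):
    """Return resolved actions of forms that send sensitive fields off a shared host."""
    page_host = (urlparse(page_url).hostname or "").lower()
    if not any(page_host == h or page_host.endswith("." + h) for h in SHARED_HOSTS):
        return []
    parser = FormCollector()
    parser.feed(html)
    hits = []
    for form in parser.forms:
        target = urljoin(page_url, form["action"])  # empty action resolves to the page itself
        target_host = (urlparse(target).hostname or "").lower()
        if target_host != page_host and form["types"] & SENSITIVE_TYPES:
            hits.append(target)
    return hits

# Constructed sample, not the real phishing page; CID and collector host are placeholders.
SAMPLE_URL = "https://cloudflare-ipfs.com/ipfs/QmCONSTRUCTEDEXAMPLE/"
SAMPLE_HTML = """
<form action="https://collector.example/save" method="post">
  <input type="email" name="e"><input type="tel" name="p">
</form>
<form action="search"><input type="text" name="q"></form>
"""
if __name__ == "__main__":
    print(suspicious_forms(SAMPLE_URL, SAMPLE_HTML))
```

The valid certificate on the gateway says nothing about who wrote the page, so the check keys on where the form data goes rather than on the TLS state of the page.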