Researchers Warns of Increase in Phishing Attacks Using Decentralized IPFS Network

Home/malicious cyber actors, Microsoft, Security Advisory, Security Update/Researchers Warns of Increase in Phishing Attacks Using Decentralized IPFS Network

Researchers Warns of Increase in Phishing Attacks Using Decentralized IPFS Network

The decentralized file system solution known as IPFS is becoming the new “hotbed” for hosting phishing sites, researchers have warned.

What’s with IPFS and why do attackers use it?

IPFS was created in 2015 and is a distributed, peer-to-peer file-sharing system for storing and accessing files, websites, applications, and data. Contents are available through peers located worldwide, who might be transferring information, storing it, or doing both. IPFS can locate a file using its content address rather than its location. 

The idea is to create a resilient distributed file system that allows data to be stored across multiple computers. This would allow information to be accessed without having to rely on third parties such as cloud storage providers, effectively making it resistant to censorship.

Attacks observed by the Trust typically involve some type of social engineering to lower targets’ defenses to force them to click fake IPFS links and activate infection chains.

These domains invite potential victims to enter their credentials to view a document, track a DHL package, or renew an Azure subscription, only to have their email addresses and passwords transferred to a remote server.

“With data security, a robust network, and little regulation, IPFS is arguably the perfect platform for attackers to host and share malicious content,” the researcher said.

“Phishing techniques have made a leap through the use of the concept of decentralized cloud services using IPFS,” the researchers concluded.

IOCs 

hxxps://ipfs[.]fleek[.]co/ipfs/bafybeiddmwwk3rvvu5zlweszoyvo54v3corf2eu4fmhxwprhxitj2jdrmi 

hxxps://ipfs[.]fleek[.]co/ipfs/bafybeic63bwxphx3sasgvpb2fvy766aiymvy2pzoz3htx7zomysw67jucu 

hxxps://jobswiper[.]net/web_data_donot_delete/store/w3lllink[.]php 

hxxps://jobswiper[.]net/web_data_donot_delete/ 

hxxps://o365spammerstestlink[.]surge[.]sh/ 

Follow Us on: Twitter, InstagramFacebook to get the latest security news!

By | 2022-07-29T19:23:47+05:30 July 29th, 2022|malicious cyber actors, Microsoft, Security Advisory, Security Update|

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!