The decentralized file system solution known as IPFS is becoming the new “hotbed” for hosting phishing sites, researchers have warned.
What’s with IPFS and why do attackers use it?
IPFS was created in 2015 and is a distributed, peer-to-peer file-sharing system for storing and accessing files, websites, applications, and data. Contents are available through peers located worldwide, who might be transferring information, storing it, or doing both. IPFS can locate a file using its content address rather than its location.
The idea is to create a resilient distributed file system that allows data to be stored across multiple computers. This would allow information to be accessed without having to rely on third parties such as cloud storage providers, effectively making it resistant to censorship.
Attacks observed by the Trust typically involve some type of social engineering that lowers targets' defenses and gets them to click fake IPFS links, activating infection chains.
These domains invite potential victims to enter their credentials to view a document, track a DHL package, or renew an Azure subscription, only to have their email addresses and passwords transferred to a remote server.
“With data security, a robust network, and little regulation, IPFS is arguably the perfect platform for attackers to host and share malicious content,” the researcher said.
“Phishing techniques have made a leap through the use of the concept of decentralized cloud services using IPFS,” the researchers concluded.
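Because IPFS addresses content rather than location, as described above, the same page can sit behind any gateway hostname, so mail or proxy filtering has to key on the content identifier (CID) instead of the host. The sketch below is an added example, not code from the researchers: it assumes the standard path-style (`/ipfs/<cid>`) and subdomain-style (`<cid>.ipfs.<host>`) gateway URL forms, and its function names, hostnames and CIDs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# CIDv0 is "Qm" + 44 base58 chars; CIDv1 in base32 text form is "b" + 58 or more chars.
CID_RE = re.compile(r"^(Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{58,})$")

def extract_ipfs_cid(url):
    """Return the CID if url is an IPFS link (native or via HTTP gateway), else None."""
    parts = urlsplit(url)
    if parts.scheme == "ipfs":  # native form: ipfs://<cid>/...
        return parts.netloc if CID_RE.match(parts.netloc) else None
    if parts.scheme not in ("http", "https"):
        return None
    segs = [s for s in parts.path.split("/") if s]
    # Path-style gateway: https://<gateway>/ipfs/<cid>/...
    if len(segs) >= 2 and segs[0] == "ipfs" and CID_RE.match(segs[1]):
        return segs[1]
    # Subdomain-style gateway: https://<cid>.ipfs.<gateway>/...
    # Hostnames are case-insensitive, so only lowercase base32 CIDv1 appears here.
    labels = (parts.hostname or "").split(".")
    if len(labels) >= 3 and labels[1] == "ipfs" and CID_RE.match(labels[0]):
        return labels[0]
    return None

def group_by_cid(urls):
    """Map each CID to the hostnames it was seen behind."""
    hits = {}
    for u in urls:
        cid = extract_ipfs_cid(u)
        if cid:
            hits.setdefault(cid, []).append(urlsplit(u).hostname)
    return hits

# Constructed sample data: placeholder CIDs and example hostnames, not real indicators.
CID_V0 = "Qm" + "A1b2C3d4E5f" * 4
CID_V1 = "bafybei" + "a2b3c4d5" * 6 + "abcd"
SAMPLE_URLS = [
    f"https://gateway.example/ipfs/{CID_V0}/login.html",
    f"https://mirror.example.net/ipfs/{CID_V0}/login.html?e=user@corp.example",
    f"https://{CID_V1}.ipfs.gateway.example/index.html",
    "https://docs.example.com/ipfs/overview",  # "/ipfs/" in path but no CID: ignored
    "https://example.org/track/package",
]

if __name__ == "__main__":
    for cid, hosts in group_by_cid(SAMPLE_URLS).items():
        print(cid, "->", hosts)
```

Grouping by CID shows why a hostname blocklist alone misses the same content served through a second gateway.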