September 28, 2022

Hackers exploit open redirect vulnerabilities to run LogoKit phishing campaigns

Threat actors (TAs) have exploited open redirect vulnerabilities in online services and applications to bypass spam filters and deliver phishing content, according to new data from cybersecurity researchers Resecurity.

In particular, the TA allegedly used highly trusted service domains like Snapchat and other online services to create special URLs which then lead to malicious resources with phishing kits.

Resecurity said the tools used in these attacks were part of LogoKit, which was previously used in attacks against several financial institutions and online services internationally.

“LogoKit’s peak was identified around the beginning of August, when several new domain names mimicking popular services were registered and exploited with Open Redirects,” the notice reads.

“While LogoKit has been known in the underground for quite some time, at least since 2015, the cybercrime group behind it is constantly using new tactics.”

From a technical point of view, LogoKit is based on the JavaScript programming language and can modify logos (of the imitated service) and text on landing pages in real time to make interaction with targeted victims more likely.

Once the victim accesses the URL, their email address is automatically filled into the email address or username field, leading them to believe that they have already logged in to the service.

If the victim then enters their password, LogoKit performs an AJAX request, sending the target’s email and password to an external source, and ultimately redirects the victim to their “legitimate” corporate website.
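A mail-filter check for the link pattern described above, added here as an illustration and not taken from Resecurity or the original article: it flags links on one host whose query parameters point at a different host, and reports any email address carried in the link. It assumes the victim's address travels inside the URL itself; all hostnames and the function names are constructed for the example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample links (reserved .example names, not real indicators).
SAMPLE_LINKS = [
    "https://trusted.example/redirect?to=https%253A%252F%252Flogin.phish.example"
    "%252Fauth%2523alice%40corp.example",
    "https://trusted.example/login?next=https%3A%2F%2Faccounts.trusted.example%2Fhome",
    "https://trusted.example/out?u=%2F%2Fcdn.other.example%2Fx",
]


def decode(value, rounds=3):
    """Percent-decode repeatedly; redirect targets are often encoded twice."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_link(url):
    """Flag query parameters that point at a host outside the link's own site."""
    parts = urlsplit(url)
    outer = (parts.hostname or "").lower()
    targets = []
    for _name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = decode(raw).strip()
        if value.startswith("//"):  # scheme-relative target
            value = "https:" + value
        try:
            target = urlsplit(value)
            inner = (target.hostname or "").lower()
        except ValueError:  # malformed nested URL, nothing to compare
            continue
        # Heuristic: same host or a subdomain counts as the same site.
        same_site = inner == outer or inner.endswith("." + outer)
        if target.scheme in ("http", "https") and inner and not same_site:
            targets.append(inner)
    email = EMAIL_RE.search(decode(url))  # assumption: address rides in the link
    return {"host": outer, "redirect_targets": targets,
            "embedded_email": email.group(0) if email else None}


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(inspect_link(link))
```

The host comparison is a plain suffix match, so a production filter would compare registrable domains using a public-suffix list and keep an allow-list of known partner redirects.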

In November 2021, Resecurity said there were over 700 identified domain names used in campaigns using LogoKit, but the company believes the number is steadily growing.

“These tactics allow cybercriminals to hide their activity behind notifications from legitimate services to evade detection,” Resecurity explained.

“Unfortunately, using Open Redirect vulnerabilities makes it much easier to distribute LogoKit, as many (even popular) online services don’t treat these bugs as critical and in some cases don’t even fix them, leaving the door open to such abuses.”

To find out how to fend off most phishing attacks, you can read this review at Infosecurity Magazine by Drew Rose, co-founder of Living Security.