March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Alert – AZORult Trojan – IOCs
May 11, 2020
Rewterz Threat Alert – Poulight Stealer
May 12, 2020
Rewterz Threat Alert – AZORult Trojan – IOCs
May 11, 2020
Rewterz Threat Alert – Poulight Stealer
May 12, 2020
Severity
Medium
Analysis Summary
Another phishing campaign that attempts to get users to give up their WebEx credentials. The initial email claims that there is an SSL certificate issue related to WebEx that requires the user to login and verify their account. The body of the email appears professional and leverages the WebEx logo to reinforce its legitimacy. Additionally, a SendGrid link is used to hide the true destination URL. If a user clicks the link, they will be redirected to a domain with an SSL certificate and web meeting theme as opposed to the actual WebEx domain. The landing page appears to be a copy of the real WebEx login page. The first page simply asks for the user’s email address, while the second requests their password also. In order to avoid raising suspicions, after the credentials are captured by the attacker, the victim is redirected to the legitimate WebEx login page. The researchers note that they were able to find an open directory hosted on the attacker’s server containing the files that generate the fake webpage.
Affected Vendors
WebEx
Remediation
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.
- Always be suspicious about emails sent by unknown senders.