Attacks aimed at compromising cryptocurrency wallets through phishing pages created using the Webflow website builder — which recorded a 10-fold traffic increase from April to September — have been launched against over 120 organizations around the world, most of which are financial services, banking, and technology entities in North America and Asia, according to The Hacker News.
Threat actors leveraged Webflow to establish dedicated phishing pages and stealthier custom subdomains mimicking legitimate cryptocurrency wallet sites in an effort to lure targets into inputting their credentials, which are later exfiltrated and used to enable seedphrase compromise, crypto wallet takeovers, and crypto asset theft, a report from Netskope Threat Labs revealed. "Users should always access important pages, such as their banking portal or webmail, by typing the URL directly into the web browser instead of using search engines or clicking any other links," said Nekskope researcher Michael Alcantara. Such a development comes as the WarmCookie malware, also known as BadSpace, was reported by Cisco Talos to have been spread in new malvertising and malspam attacks.
