Thousands of users' passwords stolen through phishing in Google search



Hackers behind a phishing campaign targeting the construction and energy sectors have made public all the credentials they stole, leaving them visible through a simple Google search.


Check Point Research released a blog post on Thursday explaining the campaign, in which all the stolen credentials and information were dumped on a compromised WordPress domain.



The phishing attack was carried out using various fake email templates. The subject lines mimicked the names and titles of employees of the target company as well as Xerox and Xerox scan notifications.


The phishing messages were generated from a Linux server hosted on Microsoft Azure and sent through PHP Mailer and One and One email servers. Spam was also sent from email accounts that the hackers used to pose as legitimate sources.


The attackers also put some JavaScript code in an attached HTML file, the purpose of which was to check the entered password in the background. When credentials were entered, they were sent to the static login page.
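A mail-triage check for the kind of attachment described above, as an added example that is not taken from the Check Point report: it flags HTML attachments that combine a password field with script. The function names, the list of script calls, and the sample message are constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Script calls that can send form data elsewhere (heuristic list, an assumption).
SEND_CALLS = re.compile(r"XMLHttpRequest|fetch\s*\(|\$\.(?:ajax|post)\s*\(|sendBeacon")
SAMPLE_HTML = '<form><input type="password" name="p"></form><script>fetch("https://collector.example.invalid/")</script>'  # constructed

class FormAudit(HTMLParser):
    """Records password inputs and the source/body of every <script>."""
    def __init__(self):
        super().__init__()
        self.password_inputs, self.scripts, self._in_script = 0, [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_inputs += 1
        elif tag == "script":
            self._in_script = True
            self.scripts.append(a.get("src") or "")
    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"
    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data

def scan_message(raw: bytes) -> list:
    """One finding per HTML attachment that combines a password field with script."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() != "text/html" and not name.endswith((".htm", ".html")):
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # HTML sent as application/octet-stream
            body = body.decode("utf-8", "replace")
        audit = FormAudit()
        audit.feed(body)
        if audit.password_inputs and audit.scripts:
            findings.append({"file": name, "password_inputs": audit.password_inputs,
                             "sends_data": bool(SEND_CALLS.search("\n".join(audit.scripts)))})
    return findings

def build_sample(html: str = SAMPLE_HTML) -> bytes:  # constructed test message
    msg = EmailMessage()
    msg.set_content("See attachment.")
    msg.add_attachment(html, subtype="html", filename="scan.htm")
    return msg.as_bytes()
```

A finding is a reason to quarantine the message for review, not proof of phishing, since legitimate HTML attachments rarely need a password field at all.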


This phishing chain sounds simple, but it bypassed Microsoft Office 365 Advanced Threat Protection (ATP) filtering. The campaign involved the theft of credentials from more than a thousand corporate employees.

https://blog.checkpoint.com/2021/01/21/cyber-criminals-leave-stolen-phishing-credentials-in-plain-sight/
