Researchers at Netskope Threat Labs have identified a phishing campaign that uses malicious PDF files hosted on the Webflow content delivery network to trick users into providing credit card information, reports The Hacker News.According to the researchers, the attack primarily targets individuals who are searching for documents, book titles, and charts on search engines like Google. Victims are redirected to a PDF file containing a fake CAPTCHA challenge linked to a phishing page.To enhance credibility, the attackers use a real Cloudflare Turnstile CAPTCHA before directing victims to a fraudulent download page. Upon clicking the “download” button, users receive a pop-up requesting personal and credit card details. The victim will then encounter an error message, forcing them to enter their card details multiple times before they are ultimately shown an HTTP 500 error page. Meanwhile, a new phishing kit, Astaroth, is being sold on cybercrime marketplaces for $2,000. This phishing-as-a-service tool intercepts login credentials and two-factor authentication codes by acting as a reverse proxy between users and legitimate authentication services, such as Gmail and Microsoft. Security researchers warn that such sophisticated tactics make phishing attacks harder to detect and prevent.
Phishing campaign exploits Webflow CDN to steal credit card data
