"Phishing Campaign Goes Cutting-Edge With IPFS"

Malicious actors behind credential harvesting attacks are spreading customized phishing links using a distributed file protocol. Since the InterPlanetary File System (IPFS) is designed to be resilient against content takedowns, researchers report that scammers are using it to send phishing emails at scale. IPFS functions as a peer-to-peer (P2P) network of nodes that individually store fragments of files accessible via a unique fingerprint called a "content identifier." Files are stored and retrieved based on their content identifier instead of their location on a remote server. In a white paper, the protocol's creator Juan Benet compared it to "a single BitTorrent swarm, exchanging objects within one Git repository." The protocol benefits cybercriminals because it reduces the cost of phishing web page hosting, and its distributed nature makes it nearly impossible to delete files. Researchers first spotted URL addresses of malicious IPFS files in October 2022. February 2023 was the busiest month for IPFS phishing activity, with nearly 400,000 attempts detected by researchers. The scammers upload HTML files containing a phishing form into IPFS and then attempt to convince victims to click on proxy links leading them into a gateway to access the files. This article continues to discuss attackers' use of the IPFS protocol to distribute phishing links. 

GovInfoSecurity reports "Phishing Campaign Goes Cutting-Edge With IPFS"