CloudFlare SSL Certificate Used for Phishing Scam

Status
Not open for further replies.

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
A free SSL certificate from CDN and DNS provider CloudFlare has been used by cybercriminals in a phishing email to increase the trust level in a malicious link.

CloudFlare services had been abused in the past, and to increase protection for its customers the company announced on September 29 that it would support SSL connections for each of its clients, regardless of whether they paid for a subscription or registered for the free service.

With this move, the company doubled the number of websites that supported encrypted connections.

Jerome Segura of Malwarebytes has recently noticed a new email campaign that leveraged a site benefiting from a free CloudFlare certificate in order to deliver malware.

The malicious message claimed to be a notice from cloud-based, remote connectivity service provider LogMeIn, about an alleged problem with extending the service subscription due to insufficient funds.

The HTTPS link included in the email claimed to point to an invoice showing the details of the transaction. Since it indicated a secure connection, users were more likely to trust that the downloaded file was a legitimate one.

Fortunately, CloudFlare has revoked the certificate for the website and the location is now flagged as malicious in all major web browsers.

“In some regard SSL certifications may become like digitally signed files, where while they do add a level of trust one should still exercise caution and not blindly assume everything is fine,” Segura says in a blog post, adding that cybercriminals are very likely to use SSL more frequently in their attacks.

At the moment, VirusTotal lists 29 out of 56 antivirus engines as capable of correctly identifying the payload, which comes as a PIF (program information file), as a threat.