IPFS Adoption for Phishing and Malware Campaigns

Updated on 2022-12-22

Trend Micro spotted web3 InterPlanetary File System (IPFS) being used for phishing, which first started on January 18 and spiked on November 7 at over 70,000 phishing URLs. Read more: Web3 IPFS Currently Used For Phishing

Updated on 2022-11-13: Bulletproof hosting meets web3

Even malware campaigns are jumping on the web3 train. Cisco’s Talos says it’s observed several campaigns that rely on hosting their malicious payloads on IPFS, or the InterPlanetary File System, a web3 technology that works as distributed, peer-to-peer storage. SecurityWeek has a quick explainer on how it works. Per @b4n1shed: “While these technologies have legitimate uses in a variety of practical applications, they also create opportunities for adversaries to take advantage of them within their phishing and malware distribution campaigns.” Here’s an example of a phishing page hosted on the IPFS network. IPFS traffic is also legitimate so this makes it more difficult for network defenders to identify malicious use.

Read more:

• Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns
• Attackers Using IPFS for Distributed, Bulletproof Malware Hosting

I've spent the past several months monitoring adversarial abuse of the InterPlanetary File System (IPFS) in #malware distribution and #phishing campaigns.

Today I'm publishing research related to how attackers are using it.

Check it out!https://t.co/frewWbF4gc

— b4n1shed (@b4n1shed) November 9, 2022

Updated on 2022-11-11: IPFS adoption

Cisco Talos said it observed multiple malware campaigns that leverage the IPFS peer-to-peer protocol to host their malware payloads and phishing kit infrastructure for ongoing attacks. Cisco’s report comes after Trustwave saw a similar spike in IPFS adoption over the summer after several cloud providers added support for the protocol on their servers. The IPFS protocol is widely used by blockchain platforms, according to Cisco. Read more:

• Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns
• IPFS: The New Hotbed of Phishing

Overview

Researchers spotted several phishing campaigns leveraging the decentralized Interplanetary Filesystem (IPFS) network to enable attacks, along with hosting malware and phishing kit infrastructure. Read more: Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns