Threat actors are using platform-aware phishing campaigns that fingerprint victims’ devices and operating systems to deliver tailored payloads after a click. Cofense found these attacks can serve different malware, disguise landing pages as trusted services, and increase attacker profits by adapting to Windows, macOS, Android, and other environments.
#Cofense #FleetDeck #TifluxRAT #Telegram #Cloudflare #FIDO2 #ConnectWise
Key points
- Threat actors now adapt phishing campaigns to the victim’s device and operating system.
- Landing pages fingerprint user-agent data to gather device, browser, language, time, and geolocation details.
- Attackers can deliver different payloads, such as FleetDeck for macOS or Tiflux RAT for Windows.
- Phishing pages mimic trusted brands like Google, Docusign, Microsoft Teams, Adobe, and Zoom.
- Security teams should use FIDO2, train employees, and unify monitoring across Windows, Mac, and mobile.
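A triage check for the per-OS payload delivery described above, written as an added example (not code from Cofense or the article). It assumes a proxy or sandbox log that records a response-body digest next to the request's User-Agent; the log format, URLs, and digests are constructed placeholders. Legitimate download pages also vary content by OS, so a hit is a lead for review, not a verdict.

```python
from collections import defaultdict

# Constructed proxy records: url | response body digest (placeholder) | User-Agent
SAMPLE_LOG = """\
https://docs.example.test/view | digest-A | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0 Safari/537.36
https://docs.example.test/view | digest-B | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 Version/17.4 Safari/605.1.15
https://docs.example.test/view | digest-C | Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 Chrome/124.0 Mobile Safari/537.36
https://docs.example.test/view | digest-A | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
https://intranet.example.test/home | digest-D | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0 Safari/537.36
https://intranet.example.test/home | digest-D | Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 Version/17.4 Mobile/15E148 Safari/604.1
"""

def os_family(user_agent):
    """Coarse OS family from a User-Agent string. Order matters: Android UAs
    contain 'Linux' and iOS UAs contain 'Mac OS X'."""
    ua = user_agent.lower()
    for token, family in (("android", "Android"), ("iphone", "iOS"), ("ipad", "iOS"),
                          ("windows", "Windows"), ("mac os x", "macOS"), ("linux", "Linux")):
        if token in ua:
            return family
    return "Other"

def parse(log_text):
    """Yield (url, digest, os_family) for each non-empty log line."""
    for line in log_text.splitlines():
        if line.strip():
            url, digest, ua = (part.strip() for part in line.split("|", 2))
            yield url, digest, os_family(ua)

def platform_conditional_urls(log_text):
    """URLs fetched by at least two OS families where no response digest
    was shared between families, i.e. content was split strictly by OS."""
    seen = defaultdict(lambda: defaultdict(set))  # url -> digest -> {families}
    for url, digest, family in parse(log_text):
        seen[url][digest].add(family)
    flagged = {}
    for url, by_digest in seen.items():
        families = set().union(*by_digest.values())
        if len(families) >= 2 and all(len(f) == 1 for f in by_digest.values()):
            flagged[url] = {next(iter(f)): d for d, f in by_digest.items()}
    return flagged

if __name__ == "__main__":
    for url, served in platform_conditional_urls(SAMPLE_LOG).items():
        print(url, served)
```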
Read More: https://www.darkreading.com/application-security/phishing-campaigns-auto-adapt-victims-device-os