Threat Actors Exploit Vercel's GenAI for Phishing Campaigns

Severity: Medium (Score: 58.5)

Sources: cofense.com, Infosecurity-Magazine

Summary

Threat actors are increasingly using Vercel's generative AI tool, v0[.]dev, to create realistic phishing websites that mimic well-known brands. Cofense has observed a rise in campaigns utilizing this tool, which allows even minimally skilled attackers to generate convincing phishing pages with simple text prompts. Vercel's platform not only simplifies the creation of these sites but also provides hosting, making it easier for attackers to deploy and redeploy phishing pages quickly. The phishing campaigns include fake Microsoft landing pages, Spotify emails, and job postings for major brands like Adidas and Nike. The ease of use and integration with other tools like Telegram and AWS enhances the threat posed by these campaigns. Security teams are advised to look for unusual sender domains and other signs of phishing in emails to mitigate risks. As generative AI capabilities improve, the potential for abuse by threat actors is expected to grow. Key Points: • Vercel's v0[.]dev tool is being exploited for creating realistic phishing sites. • Minimally skilled attackers can generate phishing pages using simple text prompts. • Cofense has reported a significant increase in phishing campaigns utilizing Vercel.

Key Entities

• Phishing (attack_type)
• Adidas (company)
• Ferrari (company)
• Louis Vuitton (company)
• Microsoft (company)
• Nike (company)
• T1566.002 - Spearphishing Link (mitre_attack)
• T1566.003 - Spearphishing Via Service (mitre_attack)
• BlackBox (tool)
• Gemini (tool)
• GPT (tool)
• DeepSite (tool)
• Telegram Bot API (tool)
• DeepSite AI (platform)
• Stripe (platform)
• Telegram (platform)
• ThreatHQ (platform)
• FraudGPT (malware)
• WormGPT (malware)