On Wednesday, a phishing message made its way into our handler inbox that contained a fairly typical low-quality lure, but turned out to be quite interesting in the end nonetheless. That is because the accompanying credential stealing web page was dynamically constructed using React and used a legitimate e-mail service for credential collection.
A React-based phishing page with credential exfiltration via EmailJS, (Fri, Mar 13th)
This post was originally published on this site