
Hackers use Basecamp for phishing and malware attacks

Phishing attacks have begun to take advantage of Basecamp for malware distribution and credential theft.

Basecamp is an online project management solution that allows people to collaborate, talk to each other, create documents and share files.


Documents can be formatted with HTML links, images and text. In addition, Basecamp allows users to upload any file in a project, including some formats that are usually considered insecure (executables, JavaScript files, etc.).

For file sharing, users can create a public link that allows people outside the organization to preview the file and download it.

If users click on this link, they are taken to a page that previews the file. There is also a link that allows them to download the file to their computer.

With Basecamp, users can distribute any type of file.


Basecamp is used to distribute malware executables

Security researchers have found that cybercriminals distribute BazarLoader executables using Basecamp public download links.

BazarLoader is a backdoor Trojan developed by the TrickBot gang that targets large organizations. Once installed, BazarLoader deploys Cobalt Strike beacons that allow the attackers to gain access to the organization's network and deploy Ryuk ransomware.

Misuse of secure services, such as Basecamp, for hosting malicious files and phishing pages is common. Users feel safe when they see a legitimate service, so they are easy to deceive.

In addition, according to researchers, the use of Basecamp URLs allows the creation of carefully designed, targeted campaigns. Users believe that the file they receive comes from their Basecamp project and thus give the criminals access to the network.

Therefore, all files and download links should be treated as suspicious, regardless of their source. Hackers use legitimate services to be as convincing as possible.
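As an added illustration of that advice (example code written for this page, not taken from the researchers or from Basecamp), the following sketch triages web proxy records by what was downloaded rather than by where it came from. The log layout, the trusted-host list and every URL path are assumptions constructed for the example and do not reflect real Basecamp link formats.

```python
import posixpath
from urllib.parse import urlparse

# Assumption: domains that a reputation-only policy would wave through.
TRUSTED_SUFFIXES = ("basecamp.com", "googleapis.com")
# File types the article calls insecure (executables, JavaScript) and close relatives.
RISKY_EXT = {".exe", ".scr", ".dll", ".js", ".jse", ".vbs", ".hta"}
RISKY_MIME = {"application/x-msdownload", "application/x-dosexec",
              "application/javascript", "text/javascript"}

# Constructed proxy records: (user, url, content-type, first body bytes as hex).
SAMPLE = [
    ("alice", "https://basecamp.com/p/CONSTRUCTED1/Report_Preview.exe",
     "application/x-msdownload", "4d5a9000"),
    ("bob", "https://basecamp.com/p/CONSTRUCTED2/minutes.pdf",
     "application/pdf", "25504446"),
    # Edge case: harmless-looking name and MIME type, but the body is a PE file.
    ("carol", "https://basecamp.com/p/CONSTRUCTED3/invoice.pdf",
     "application/octet-stream", "4d5a9000"),
    ("dave", "https://files.unknown-host.example/setup.js",
     "text/javascript", "76617220"),
]

def host_is_trusted(host):
    """True if host equals, or is a subdomain of, a trusted suffix."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def risk_reasons(url, content_type, head_hex):
    """Return the content-based reasons a download is risky (empty if none)."""
    reasons = []
    ext = posixpath.splitext(urlparse(url).path)[1].lower()
    if ext in RISKY_EXT:
        reasons.append("extension " + ext)
    if content_type.split(";")[0].strip().lower() in RISKY_MIME:
        reasons.append("content-type")
    if bytes.fromhex(head_hex)[:2] == b"MZ":  # DOS/PE executable magic
        reasons.append("PE header")
    return reasons

def triage(records):
    """Flag risky downloads; trusted_host marks ones a reputation filter would pass."""
    findings = []
    for user, url, ctype, head in records:
        reasons = risk_reasons(url, ctype, head)
        if reasons:
            trusted = host_is_trusted(urlparse(url).hostname or "")
            findings.append({"user": user, "url": url,
                             "reasons": reasons, "trusted_host": trusted})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["user"], f["trusted_host"], ", ".join(f["reasons"]))
```

Findings with trusted_host set to true are the ones a domain-reputation filter alone would have let through.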


Basecamp is used in phishing campaigns

In a report by the cybersecurity company Cyjax, researcher Will Thomas explains that some phishing campaigns use Basecamp to host pages that redirect users to phishing sites.

Because Basecamp is legitimate, it is also considered a reliable way to bypass security solutions.

"This technique is effective because Basecamp and Google Cloud hosting are often used for business operations and are considered secure solutions by most tracking systems. Cloud platforms also maintain the anonymity of their users and can be set up quickly. It is difficult for SOC analysts to identify them as a threat because traffic to and from these services seems legitimate", Thomas explains in his report.

Recently, Thomas discovered a phishing campaign that used a Basecamp document to redirect users to an Office 365 phishing page. There, the user must enter their credentials.

In addition, according to BleepingComputer, hackers use Basecamp because they can edit any intermediate pages (those that redirect users to phishing sites). If there is a problem with a particular phishing page, the hackers can simply log in to Basecamp and modify the intermediate page to redirect the user to a different phishing page. This way, hackers can continue attacks even if researchers manage to remove a phishing page.

