Crafty Phishing Campaigns Auto-Adapt to Victim's Device, OS
ID: ab189b92-b226-5d77-ba0d-449e969928ff
STIX ID: report--ab189b92-b226-5d77-ba0d-449e969928ff
Feed Name: Dark Reading
Cofense Intelligence describes how phishing actors have shifted from broad 'spray-and-pray' emails to platform-aware campaigns that fingerprint victims' browsers and devices to deliver tailored payloads (e.g., FleetDeck for macOS, Tiflux RAT for Windows) or credential-stealing pages. These campaigns reuse legitimate remote access tools as RATs, use services like Cloudflare to route victims and Telegram for exfiltration, and benefit from LLMs and phishing kits to scale; defenders are advised to improve cross-platform visibility, monitor post-click behavior, and adopt phishing-resistant authentication.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
