More Than Music: The Unseen Cybersecurity Threats of Streaming Services

Cofense PDC observed a phishing campaign impersonating Spotify that used spoofed email headers and legitimate-looking content to trick recipients into clicking a malicious link (initially hosted at 40.82.178.115 and routed via a Linktree URL) which redirected to Azure App Service pages cloned to resemble Spotify. The landing pages harvested credentials, credit card details, and bank-issued transaction passwords, sending the data to a PHP-based C2; the report includes multiple IOCs (URLs, IPs, and Azure hostnames) and highlights the tactics used to obfuscate malicious links and capture financial information.