The 6 URL Shorteners You Didn't Know Were Helping Hackers
ID: fec13fed-4713-539e-b6f4-504f1a7e80ff
STIX ID: report--fec13fed-4713-539e-b6f4-504f1a7e80ff
Feed Name: Cofense Blog
Cofense Intelligence analyzed July 2024–June 2025 campaigns that abuse URL shortening services (T.ly, TinyURL, Rebrand.ly, Is.gd, Goo.su, Qrco.de) to conduct credential phishing and deliver malware, notably information stealers and RATs. The campaigns leverage features such as analytics, QR-code generation, APIs, free trials, link expiration and traffic routing. The report provides service-specific prevalence (e.g., Goo.su ~89% malware, Is.gd ~49% malware), lists observed malware families (Pure Logs, Lone None, Mispadu, Byakugan, ConnectWise RAT, Cobalt Strike), and recommends mitigations including user training, selective blocking of shorteners, and multi-hop redirect analysis.
