A phishing campaign that uses Zoom's document share flow as the initial trust vector.
It forces victims through a fake "bot protection" gate, then shows a Gmail-like login. When someone types credentials, they are pushed out to the attacker over a WebSocket and the backend validates them.
1 comment
[ 4.3 ms ] story [ 17.2 ms ] threadIt forces victims through a fake "bot protection" gate, then shows a Gmail-like login. When someone types credentials, they are pushed out to the attacker over a WebSocket and the backend validates them.