Cybercriminals Abusing Vercel to Deliver Remote Access Malware
June 23, 2025, 11:47 p.m.
Description
A phishing campaign has been identified that exploits Vercel, a legitimate frontend hosting platform, to distribute a malicious version of LogMeIn. Cybercriminals send phishing emails with links to a malicious page on Vercel, impersonating an Adobe PDF viewer and prompting users to download a disguised executable. Once executed, the malware installs and connects to a LogMeIn server, allowing remote access and control of the compromised machine. Over 28 distinct campaigns targeting more than 1,271 users have been observed in the past two months. The technique's effectiveness stems from the use of a legitimate platform, a genuine remote access tool, and social engineering tactics. Recommendations include monitoring suspicious Vercel subdomains, educating employees about fake support scams, and implementing strict controls for remote access software installations.
Date
- Created: June 20, 2025, 7:26 p.m.
- Published: June 20, 2025, 7:26 p.m.
- Modified: June 23, 2025, 11:47 p.m.
Indicators