Web Page Disguised as a Naver Login Page
Contents
On January 3rd, the ASEC analysis team covered a situation where a fake Kakao login page was used to steal the account credentials of certain individuals.
The team has confirmed that the threat actor used a vulnerable website to create a domain. The same method described in the above post was used to create a fake Naver login page, and we will be covering it in this post.
Emails impersonating Naver Help and web pages trying to steal account credentials through emails have been confirmed regularly for the past several years.
However, the same domain being used to create not only a fake Kakao web page, but now also a fake Naver web page has recently been found.
Seeing that users are led to a “Reconfirm Password” page, we can assume that this URL is distributed with a phishing email that advises users to change their account credentials.
The login ID is filled in automatically …
The team has confirmed that the threat actor used a vulnerable website to create a domain. The same method described in the above post was used to create a fake Naver login page, and we will be covering it in this post.
Emails impersonating Naver Help and web pages trying to steal account credentials through emails have been confirmed regularly for the past several years.
However, the same domain being used to create not only a fake Kakao web page, but now also a fake Naver web page has recently been found.
Seeing that users are led to a “Reconfirm Password” page, we can assume that this URL is distributed with a phishing email that advises users to change their account credentials.
The login ID is filled in automatically …