Microsoft Azure, Google sites exploited in large-scale crypto theft campaign

Cryptocurrency platform users are being targeted by a massive phishing operation exploiting Microsoft Azure Web and Google Sites, according to BleepingComputer. Netskope security researchers discovered that threat actors have leveraged Microsoft's Azure Web Apps and Google Sites to create websites impersonating Coinbase, Gemini, Kraken, and MetaMask in an effort to compromise user wallets and assets. Such phishing sites are then promoted by threat actor-controlled bots' comments on legitimate sites, said researchers, who also found that some of the sites have been appearing on top of Google Search results. The report also showed that phishing pages spoofing cryptocurrency exchanges Coinbase, Gemini, and Kraken have been seeking to exfiltrate users' login credentials through a phony two-factor authentication page while the MetaMask phishing site has been working on user password and wallet seed phrase theft. Crypto users have been urged to be wary of clone websites, as well as refrain from sharing their wallets' recovery phrases.