Hackers are leveraging AI tools like Vercel's v0 to create phishing websites that mimic legitimate login pages, including those of Okta and Microsoft 365. Researchers found that these phishing sites store resources on Vercel's infrastructure, increasing their legitimacy. This new approach allows hackers to scale their phishing operations more effectively. For the first time, AI is being used to construct phishing infrastructure rather than just the content. The open-source nature of similar applications on GitHub further lowers the barrier for adversaries to develop advanced phishing technologies.
Hackers are using AI tools like Vercel's v0 to create phishing sites that closely impersonate legitimate login webpages, including Okta and Microsoft 365.
By storing phishing resources, including logos, on trusted infrastructure, attackers aim to evade detection through CDN logs and malicious infrastructure.
This marks the first time Okta has observed AI being utilized not just for phishing content, but for building the phishing infrastructure itself.
The proliferation of open-source tools on GitHub democratizes advanced phishing capabilities, enabling adversaries to create sophisticated phishing infrastructures.
Collection
[
|
...
]