Threat Actors Exploit Vercel Hosting Platform to Distribute Remote Access Malware

CyberArmor has uncovered a sophisticated phishing campaign exploiting Vercel, a widely used frontend hosting platform, to distribute a malicious variant of LogMeIn, a legitimate remote access tool.

Over the past two months, threat actors have orchestrated at least 28 distinct campaigns, targeting more than 1,271 users with deceptive emails that lead to fraudulent pages hosted on Vercel subdomains.

Clever Abuse of Legitimate Platforms

These pages, designed to mimic trusted interfaces such as an Adobe PDF viewer, trick users into downloading a malicious executable disguised as a legitimate document.

This file, once executed, establishes a connection to a LogMeIn server, granting cybercriminals full remote control over the victim’s machine.

The use of a legitimate platform like Vercel, often associated with trusted development projects, lends an air of credibility to the phishing sites, making them harder for users and security tools to detect.

The success ...