216.73.216.89

Cybercriminals Abusing Vercel to Deliver Remote Access Malware

· Published 20/06/2025 19:26 · Modified 23/06/2025 23:47

Export JSON

Essential information

Published
20/06/2025 19:26
Modified
23/06/2025 23:47
Tags
2025-06-20 logmein phishing platform abuse remote access social engineering vercel
Related entities
5 observables

Description

A campaign has been identified that exploits , a legitimate frontend hosting platform, to distribute a malicious version of . Cybercriminals send emails with links to a malicious page on , impersonating an Adobe PDF viewer and prompting users to download a disguised executable. Once executed, the malware installs and connects to a server, allowing and control of the compromised machine. Over 28 distinct campaigns targeting more than 1,271 users have been observed in the past two months. The technique's effectiveness stems from the use of a legitimate platform, a genuine tool, and tactics. Recommendations include monitoring suspicious subdomains, educating employees about fake support scams, and implementing strict controls for software installations.

External references