216.73.216.204

Threat Insight: Cybercriminals Abusing Vercel to Deliver Remote Access Malware

· Published 10/07/2026 00:16

Export JSON

Essential information

Published
10/07/2026 00:16
Modified
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
email campaign executable disguise logmein pdf impersonation phishing remote access trusted platform exploitation vercel abuse
Related entities
1 indicators, 12 techniques (mitre), 1 malware

Description

Cybercriminals are conducting campaigns by hosting malicious pages on Vercel, a legitimate website hosting platform. The attack involves sending emails with links to fake Adobe PDF viewer pages that prompt users to download executable files disguised as documents. The malware, distributed as Invoice06092025.exe.bin, automatically installs software upon execution, enabling attackers to remotely control compromised machines. Over a two-month period, more than 28 distinct campaigns have been observed targeting over 1,271 users. The attackers leverage trusted platforms to disguise their malicious activity, making detection more challenging and increasing the likelihood of successful compromise.

External references