Threat Insight: Cybercriminals Abusing Vercel to Deliver Remote Access Malware
Essential information
- Published
- 10/07/2026 00:16
- Modified
- —
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- email campaign executable disguise logmein pdf impersonation phishing remote access trusted platform exploitation vercel abuse
- Related entities
- 1 indicators, 12 techniques (mitre), 1 malware
Description
Cybercriminals are conducting phishing campaigns by hosting malicious pages on Vercel, a legitimate website hosting platform. The attack involves sending phishing emails with links to fake Adobe PDF viewer pages that prompt users to download executable files disguised as documents. The malware, distributed as Invoice06092025.exe.bin, automatically installs LogMeIn remote access software upon execution, enabling attackers to remotely control compromised machines. Over a two-month period, more than 28 distinct campaigns have been observed targeting over 1,271 users. The attackers leverage trusted platforms to disguise their malicious activity, making detection more challenging and increasing the likelihood of successful compromise.