FlagThis

A sophisticated phishing campaign is underway, abusing the Webflow content delivery network (CDN) to steal credit card data and commit financial fraud. Attackers are hosting fake PDF documents on Webflow, embedded with CAPTCHA images and a real Cloudflare Turnstile CAPTCHA, to deceive users and evade detection by static scanners. This scheme targets individuals searching for documents on search engines, redirecting them to malicious PDFs.

These PDF files mimic a CAPTCHA challenge, prompting users to click and complete a genuine Cloudflare CAPTCHA, creating a false sense of security. Upon completion, victims are redirected to a page requesting personal and credit card details to "download" the supposed document. After entering their credit card details, users receive an error message, and repeated submissions lead to an HTTP 500 error page, while the attackers already have their information.

ImgSrc: securityonline.

References :

• Talkback Resources: Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners [social]
• The Hacker News: The Hacker News article about hackers using CAPTCHA trick on Webflow CDN.
• securityonline.info: Sophisticated Phishing Campaign Abuses Webflow CDN to Steal Credit Card Data
• securityonline.info: SecurityOnline.info article about phishing campaign abusing Webflow CDN.

Classification:

• HashTags: #PhishingCampaign #WebflowCDN #CreditCardTheft
• Company: Webflow
• Target: credit card data
• Product: Webflow CDN
• Feature: captcha trick
• Malware: CAPTCHA Trick
• Type: Hack
• Severity: Medium