A number of phishing campaigns are leveraging the decentralized InterPlanetary Filesystem (IPFS) network to host malware and phishing kit infrastructure, and to facilitate other attacks.
“Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks,” Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News.
The research mirrors similar findings from Trustwave SpiderLabs in July 2022, which found more than 3,000 emails containing IPFS phishing URLs as an attack vector, calling IPFS the new “hotbed” for hosting phishing sites.
IPFS as a technology is resilient to both censorship and takedowns, making it a double-edged sword. Underlying it is a peer-to-peer (P2P) network which replicates content across all participating nodes so that even if a file is removed from one machine, requests for the resource can still be served via other systems.
This also makes it ripe for abuse by bad actors looking to host malware that can resist law enforcement attempts at disrupting their attack infrastructure, as seen in the case of Emotet last year.
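Because the same content can be served by more than one system, a mail filter that blocks a single hostname misses the same phishing page fetched through another one. The following is an added example, not code from Talos or Trustwave, that groups links in email bodies by IPFS content identifier (CID) instead of by host; the gateway URL shapes, the CID patterns, and the sample messages and hostnames are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed CID shapes: CIDv0 is "Qm" + 44 base58 chars; base32 CIDv1 is "b" + 58 chars.
CID = r"(?:Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{58})"
PATH_STYLE = re.compile(rf"^/ipfs/({CID})(?:/|$)")   # https://<gateway>/ipfs/<CID>/...
SUBDOMAIN_STYLE = re.compile(rf"^({CID})\.ipfs\.")   # https://<CID>.ipfs.<gateway>/...
URL = re.compile(r"(?:https?|ipfs)://[^\s\"'<>]+", re.IGNORECASE)

def parse_ipfs_url(url):
    """Return (cid, gateway_host) for an IPFS URL, or None for anything else."""
    parts = urlsplit(url)
    if parts.scheme.lower() == "ipfs":               # native ipfs://<CID>/..., no gateway
        return (parts.netloc, None) if re.fullmatch(CID, parts.netloc) else None
    host = parts.hostname or ""
    m = SUBDOMAIN_STYLE.match(host)
    if m:
        return m.group(1), host[m.end():]
    m = PATH_STYLE.match(parts.path)
    return (m.group(1), host) if m else None

def group_by_cid(messages):
    """Map each CID to the set of (message id, gateway) pairs that link to it."""
    hits = defaultdict(set)
    for msg_id, body in messages.items():
        for url in URL.findall(body):
            parsed = parse_ipfs_url(url.rstrip(".,)"))  # drop sentence punctuation
            if parsed:
                hits[parsed[0]].add((msg_id, parsed[1]))
    return dict(hits)

# Constructed placeholder CIDs and messages (not real content identifiers or hosts).
CID_V0 = "Qm" + "a1B2" * 11
CID_V1 = "bafy" + "abcde" * 11
SAMPLE = {
    "msg-1": f"Review the invoice: https://gateway-one.example/ipfs/{CID_V0}/login.html",
    "msg-2": f"Voicemail: http://gateway-two.example/ipfs/{CID_V0}?u=a@b.example.",
    "msg-3": f"Shared doc https://{CID_V1}.ipfs.gateway-three.example/index.html",
    "msg-4": "Newsletter: https://news.example/ipfs-explained/",
}

if __name__ == "__main__":
    for cid, refs in group_by_cid(SAMPLE).items():
        print(cid[:12] + "...", sorted(refs))
```

In the sample, msg-1 and msg-2 point at the same CID through two different hosts, so a blocklist entry keyed on the CID covers both while a hostname entry covers only one.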