Cybercriminals leverage a free tunnel application to host phishing pages

December 20, 2021
Cybercriminals Free Tunnel Application Phishing Pages Fraud Scam Cybercrime

After being reported by our clients, cybersecurity experts from iZOOlogic have observed a new trend of phishing pages hosted through a tunnel application Expose by the firm Beyond Code. The malicious activity was initially detected around October, but the threat actors behind it have continuously leveraged the service to create fraudulent phishing pages.

Beyond Code is a German-based software development company that offers services to help other developers worldwide with different IT-related products and courses. Expose is one of the many services that the company offers for free for their clients. It is an open-source tunnel application written in PHP that allows developers to share and connect created websites or pages from a local computer to the public internet.

According to the discoveries of iZOOlogic cybersecurity experts, the threat actors involved in the malicious activity can easily create an Expose account for free in less than a couple of minutes using an active email address. The tunnel application Expose offers a free domain plan for clients using a “.sharedwithexpose.com” address. This free domain enables threat actors to establish and launch a website that they exploit for fraudulent phishing activities.

 

Threat actors easily any exploit tunnel application like Expose to execute phishing activities for cyberattacks.

 

It also has a powerful command-line interface (CLI) and a web-based dashboard that reveals the incoming HTTP requests on the client. Since the platform only requires a valid and verified email address to be enabled, threat actors have taken advantage of the service. It also does not require them to enter personal details that let them hide their identities without difficulty.

Furthermore, the Expose free tunnel application service is the best alternative to the NGROK platform, another tunnel solution that enables users to expose a web server operating on a local machine such as a computer to the internet.

iZOOlogic cybersecurity experts advise clients who use tunnel services to protect their tunnel access with passwords and enable IP whitelisting so access can only be allowed for trusted IP addresses. Most importantly, it is encouraged to avoid engaging in suspicious emails with attachments or links that could be a tool for phishing activities.

About the author