BURSTCybercriminals are leveraging Gamma AI, a platform for creating presentations, websites, and documents, to build sophisticated and difficult-to-detect phishing page redirectors.
These malicious actors are exploiting Gamma’s advanced capabilities to host phishing redirect pages directly on the legitimate domain, gamma.app, raising concerns about the misuse of AI-powered tools in cyberattacks.
The phishing scheme begins with a link hosted on Gamma’s domain (e.g., hxxps://gamma[.]app/docs/...). When clicked, users are redirected through a series of intermediary pages.
The process mimics legitimate workflows by incorporating CAPTCHA-like verifications, such as Cloudflare Turnstile or similar mechanisms.
According to Ankit Anubhav, this tactic not only adds an air of legitimacy but also helps bypass automated security scanners that might flag suspicious activity.
Once the CAPTCHA is solved, users are either directed to a genuine website like Wikipedia (in sandbox mode) or sent to a fully operational phishing page hosted on another system.
These phishing pages are designed to steal sensitive information, such as login credentials or financial data. By hosting the initial redirector on Gamma’s domain, attackers exploit the trust associated with the platform, making it harder for security vendors to identify and block these threats.
Why Gamma AI Is Being Exploited
Gamma AI offers tools that allow users to create polished websites and presentations without coding skills. Its ability to clone websites by importing content from URLs makes it particularly appealing for malicious actors.
This feature enables attackers to replicate legitimate-looking websites with minimal effort, which can then be used as part of their phishing campaigns.
Furthermore, Gamma’s legitimate domain and robust encryption practices make it an ideal platform for hosting redirectors. Security systems often whitelist trusted domains like gamma.app, inadvertently allowing these malicious links to pass through undetected.
The use of AI-powered platforms like Gamma in phishing campaigns highlights the evolving sophistication of cyber threats. By combining trusted domains with advanced redirection techniques, attackers are finding new ways to evade detection.
This trend mirrors other recent phishing campaigns that have exploited services like Cloudflare R2, and YouTube attribution links to distribute malicious content.
The integration of CAPTCHA systems further complicates detection efforts by preventing automated scanners from analyzing the final phishing destination. This approach ensures that only human victims reach the malicious pages while security tools remain blind to the attack chain.
What Can Be Done?
To mitigate these risks, cybersecurity experts recommend:
- Enhanced Domain Monitoring: Vendors should closely monitor trusted domains like gamma.app for signs of abuse.
- AI-Based Threat Detection: Leveraging AI-driven tools can help identify unusual patterns in how trusted platforms are used.
- User Education: Raising awareness about phishing tactics involving intermediary pages and CAPTCHAs is crucial.
The misuse of Gamma AI underscores the dual-edged nature of technological advancements. While platforms like Gamma empower users with innovative tools, they also allow cybercriminals to exploit them.
As phishing tactics evolve, a proactive approach combining technology and awareness will be critical in staying ahead of these threats.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
The post Hackers Exploit Gamma AI to Create Sophisticated Microsoft Themed Phishing Redirectors appeared first on Cyber Security News.