Fake OnlyFans dating sites abuse UK Environment Agency open redirect



Threat actors abused an open redirect on the official website of the United Kingdom's Department for Environment, Food & Rural Affairs (DEFRA) to direct visitors to fake OnlyFans adult dating sites.


OnlyFans is a content subscription service where paid subscribers get access to private photos, videos, and posts from adult models, celebrities, and social media personalities.


As it is a widely used site, and the name is recognizable, threat actors have created a series of fake OnlyFans adult dating sites to gain subscribers or steal people's personal information.


Abusing open redirect on DEFRA


As part of this malicious campaign, threat actors abused an open redirect on DEFRA's river conditions site that looked like a legitimate U.K. government link but redirected visitors to the fake OnlyFans dating site.


An example of this redirect is below:


http://riverconditions.environment-agency.gov.uk/relatedlink.html?class=link&link=https://pentestpartners.com

Redirects are legitimate URLs on a website that automatically send users from the initial site to another URL, commonly on an external site.


For example, a website could have a redirect like www.example.com/redirect/www.google.com, which, when clicked, automatically redirects the user to Google.


An open redirect is one whose destination can be set by anyone who crafts the URL, allowing threat actors and scammers to create redirects from a legitimate site to any site they want.


This allows threat actors to abuse open redirects so that links on a legitimate domain appear in search results, email, and social media, yet send visitors to websites under their control that display phishing forms or deliver malware.
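To make the mechanism concrete from the defender's side, here is an added example (not code from the article, DEFRA, or the Environment Agency) of how a redirect endpoint like the relatedlink.html one quoted above can validate its `link` parameter, and how the same classifier can be run over web-server access logs to spot requests whose redirect target points off-site. The allowlist of hosts, the sample log lines, and the fallback-to-site-root behaviour are assumptions constructed for the example.

```python
from urllib.parse import urlparse, parse_qs, urljoin

# Hosts the redirect endpoint may legitimately send users to.
# Assumed for this example; the real site's policy is not known from the article.
ALLOWED_HOSTS = {"environment-agency.gov.uk", "gov.uk"}

# Redirect endpoint path quoted in the article, used to spot its requests in logs.
REDIRECT_PATH = "/relatedlink.html"

# Constructed access-log lines in common log format (not from the article).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2023:10:00:00 +0000] "GET /relatedlink.html?class=link&link=https://pentestpartners.com HTTP/1.1" 302 0',
    '203.0.113.6 - - [01/Jan/2023:10:00:01 +0000] "GET /relatedlink.html?class=link&link=/floods HTTP/1.1" 302 0',
    '203.0.113.7 - - [01/Jan/2023:10:00:02 +0000] "GET /relatedlink.html?class=link&link=//example.net/ HTTP/1.1" 302 0',
    '203.0.113.8 - - [01/Jan/2023:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1234',
]


def host_allowed(host):
    """True if host is an allowlisted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)


def classify_target(target):
    """Classify a `link` value as 'relative', 'allowed' or 'external'.

    'relative' = same-site path, 'allowed' = absolute URL to an allowlisted host,
    'external' = anything else: other hosts, scheme-relative //host, javascript:
    or data: URLs, user@host tricks, empty values, and backslashes ("/\\evil")
    that some browsers treat as a slash.
    """
    if not target:
        return "external"
    p = urlparse(target)
    if p.scheme == "" and p.netloc == "":
        if "\\" not in target and not target.startswith("//"):
            return "relative"
        return "external"
    if p.scheme in ("http", "https") and p.hostname and host_allowed(p.hostname):
        return "allowed"
    return "external"


def safe_location(request_url):
    """Compute where the server should actually redirect for a request URL.

    Relative targets are resolved against the request URL, allowlisted absolute
    targets pass through, and everything else falls back to the site root.
    """
    p = urlparse(request_url)
    target = parse_qs(p.query).get("link", [""])[0]
    kind = classify_target(target)
    if kind == "relative":
        return urljoin(request_url, target)
    if kind == "allowed":
        return target
    return f"{p.scheme}://{p.netloc}/"


def flag_external_redirects(log_lines):
    """Return (client_ip, target) pairs for redirect requests pointing off-site."""
    hits = []
    for line in log_lines:
        parts = line.split('"')
        if len(parts) < 3:
            continue
        fields = parts[1].split(" ")  # "GET /path?query HTTP/1.1"
        if len(fields) < 2:
            continue
        u = urlparse(fields[1])
        if u.path != REDIRECT_PATH:
            continue
        target = parse_qs(u.query).get("link", [""])[0]
        if classify_target(target) == "external":
            hits.append((line.split(" ")[0], target))
    return hits


if __name__ == "__main__":
    example = ("http://riverconditions.environment-agency.gov.uk/relatedlink.html"
               "?class=link&link=https://pentestpartners.com")
    print(classify_target("https://pentestpartners.com"), "->", safe_location(example))
    for ip, target in flag_external_redirects(SAMPLE_LOG):
        print(f"off-site redirect requested by {ip}: {target}")
```

The classifier deliberately rejects scheme-relative targets (`//host`), backslashes, and absolute URLs with credentials before the host, because a check that only looks for a leading slash or for the expected domain as a substring passes each of those. Running `flag_external_redirects` over real access logs for an endpoint of this shape gives a quick inventory of the destinations it has been sending visitors to.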


The malicious campaign abusing the open redirect on DEFRA's river conditions site was discovered last week by an ..
