BleepingComputer has analyzed a targeted phishing campaign being reported by cPanel users. The phishing email has a subject line of “cPanel Urgent Update Request.”
The content of the body is a fake security advisory claiming that an update is needed to patch cPanel vulnerabilities. It mimics legitimate cPanel emails in order to increase its legitimacy and is relatively well crafted with few grammar and spelling issues. In order to further trick users, the attackers registered a lookalike domain, which was used in combination with Amazon Simple Email Service (SES) to send out the emails.
Clicking the link in the body of the email redirected users to a fake cPanel login page. The phishing landing page has since been taken down and now redirects to a Google search for “cpanel.”
Indicators of Compromise