AI Presentation Tool Exploited in Phishing Scams, Experts Warn

An AI-powered presentation tool named Gamma is being exploited by malicious actors in a series of phishing attacks, according to newly released research by security vendor Abnormal Security. The findings indicate that attackers misuse this otherwise legitimate graphic design software to deceive victims into providing personal information through counterfeit communications.

The phishing campaign involves attackers using stolen email accounts to send targets messages that appear credible. The emails contain an attachment that, when clicked, leads the recipient to a Gamma presentation hosted on a legitimate website. The Gamma presentation includes a convincing call to action, urging users to access a purported PDF document, but ultimately directs them to a fraudulent Microsoft portal designed to harvest victims’ login credentials.

Abnormal Security’s report describes a structured approach by the attackers that includes an adversary-in-the-middle (AiTM) method, which checks the entered credentials in real time. This technique raises the likelihood of success by mimicking the interactions users expect, and the immediate feedback on their entries gives victims a false sense of security. According to Piotr Wojtyla, head of threat intelligence at Abnormal, these tactics enhance the perceived legitimacy of the attacks.

As cybercriminals increasingly leverage trusted services to conduct malicious activities, experts advise organizations to heighten their defenses through traditional phishing prevention practices. These include scrutinizing URLs and remaining vigilant against vague calls to action. Moreover, Wojtyla emphasizes the responsibility of platforms like Gamma to implement proactive measures against misuse, such as monitoring user behavior and deploying automated scanning tools.

The specifics of the campaign underscore the evolving sophistication of phishing techniques and illustrate a pressing need for continued awareness and proactive security measures. As such threats proliferate, users and platform providers alike must adapt to protect against the rising tide of credential theft and fraudulent activities.