On the Hunt
Published: 2026-03-18 · Archived: 2026-04-05 21:26:45 UTC
Device Code Phishing Campaign — Infrastructure Update
Mar 18, 2026
A follow-up investigation mapping 1,337 phishing URLs across 326 workers.dev hostnames, confirming a PhaaS
multi-tenant architecture, encrypted client-side payloads, and new lure variants targeting Adobe, DocuSign, and
Outlook branding.
Source: https://newtonpaul.com/analysing-fileless-malware-cobalt-strike-beacon/
https://newtonpaul.com/analysing-fileless-malware-cobalt-strike-beacon/
Page 1 of 1