Spammers behind credential harvesting attacks are taking advantage of a distributed file protocol to distribute customized phishing links. Because the system, the InterPlanetary File System, is designed to be resilient against content takedowns, scammers are using it to deliver phishing emails at scale, say researchers from Kaspersky.
IPFS works as a peer-to-peer network of nodes that each store shards of files that are reachable through a unique fingerprint its designers dub a “content identifier.” The idea is to store and retrieve files via their content identifier rather than their location on a remote server.