{"id":109158,"date":"2023-03-27T08:00:48","date_gmt":"2023-03-27T08:00:48","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/securelist\/?p=109158"},"modified":"2023-03-27T16:55:57","modified_gmt":"2023-03-27T16:55:57","slug":"ipfs-phishing","status":"publish","type":"post","link":"https:\/\/securelist.com\/ipfs-phishing\/109158\/","title":{"rendered":"How scammers employ IPFS for email phishing"},"content":{"rendered":"

The idea of creating Web 3.0 has been around since the end of 2000s<\/a>. The new version of the world wide web should repair the weak points of Web 2.0., some of which are: featureless content, prevalence of proprietary solutions, and lack of safety in a centralized user data storage environment, where a massive leak is likely should just one server be compromised. Web 3.0 is described<\/a> as a decentralized and open internet\u00a0\u2014 some of its features already implemented in today’s digital world.<\/p>\n

Unfortunately, the “new internet” will still remain a playground for criminals who will employ cutting-edge technologies for their old sport of data theft, financial machinations and the like. In this article, I will dwell on how they use one of the WEB 3.0 technologies\u00a0\u2014 the distributed file system IPFS\u00a0\u2014 for email phishing attacks.<\/p>\n

What is IPFS?<\/h2>\n

IPFS (InterPlanetary File System<\/em>) is a peer-to-peer distributed file system enabling users around the world to exchange files. Unlike centralized systems, IPFS uses addressing performed according to unique content identifiers (CID), and not file paths. CID is generated based on the file’s hash value and then recorded to a distributed hash table, which also contains information on the file owner. The file itself resides on the computer of the user who had “uploaded” it to IPFS, and is downloaded directly from that computer. The structure of IPFS is somewhat similar to the BitTorrent protocol which, too, is a distributed network where file exchange takes place directly between the users’ devices.<\/p>\n

By default, uploading a file to IPFS or downloading it requires special software (IPFS client). For users to view the files residing in IPFS freely without installing any software, the so-called gateways are provided. A gateway is in fact a server with access to IPFS. To open a file via a gateway, a URL is required normally containing a gateway address, reference to IPFS, and the file’s CID. URL formats can be quite different, for example:<\/p>\n