You have probably used url shorteners to make long, bulky links shorter and easier to send, but did you know that hackers are now able to access your devices using this technology.
They are used by hackers to hide phishing pages and links that lead to malicious websites. According to research, link shorteners can be used at various phases of a cyberattack.
For instance, a recent attack redirected users to fake payment pages designed to steal credit card information by using a link shortening provider. In a another instance, in the spring of 2023, a Dropbox URL that directed users to download harmful files was tracked via the usage of a link shortener.
What are URL Shorteners ?
Online applications called link shorteners reduce long website URLs into shorter ones that are simpler to share and recall.
They replace out the lengthy, complicated URL for a shorter, more manageable one that frequently consists just of letters and digits. This lowers the character count and facilitates the sharing of links via text, email, and social media.
Google’s URL shortener, Bitly, and TinyURL are a few well-known link shortening services. These technologies make it easier to share material by shortening URLs.
Let’s take example of this article by hackingblogs and try to shorten it’s url
Now We Can Easily Access this webpage using the shortened Link.
How Do these URL Shortner Work ?
A URL shortening service creates a unique, short URL, typically of less than ten characters, that maps to a longer URL and points to the same location. Usually, the data is kept in hash maps or tables as key-value pairs, with the original, longer URL serving as the value and the short URL serving as the key.
Say you used the bit.ly URL shortening service to shorten some long URL that is 100’s of characters long. The service will generate a unique code comprised of alphanumerical characters (A-Z, a-z, 0-9) for the key. The short URL is typically the domain name, 'bit.ly', plus the generated code, like 'abc123', making the full URL 'bit.ly/abc123'. Then, the original, longer URL will be mapped to this shortened URL in the database. It will look something like the following,
Now, the short URL will take users to the same location as the long URL it maps to when they visit it.
How Are Hacker using this technology for there advantage
‘Reverse tunnel’ services and URL shorteners are used in this strategy to initiate mass phishing campaigns. Threat actors can, instead, host phishing pages on arbitrary URLs using their local computers. These may help in avoiding detection by URL scanning programmes. Afterwards, the groups can use URL shortening services to further hide their identity.
Top URL shortening increases the difficulty of tracking down the attack and increases the likelihood that victims may fall for scams. The majority of reverse tunnel URLs are temporary, usually lasting only 24 hours, therefore this complicates attribution and punishment even more.
It is well known that hackers hide their genuine landing pages by using URL shortening services. It works incredibly well for clickbait scams on social media. Because authorities cannot simply blacklist a link from bitly.com or goo.gl, some hackers believe that utilising URL shorteners in site injections lessens the likelihood that the link would be reported as malicious.
