shadowmirror

Shadowmirror refers to a specific type of phishing attack that exploits the use of legitimate cloud-based services to store and distribute malicious content. Instead of hosting malware or phishing pages on compromised servers or dedicated malicious infrastructure, attackers leverage cloud storage platforms like Dropbox, Google Drive, or OneDrive. They create links to files or documents hosted on these services that, when opened, either download malware or redirect users to phishing websites designed to steal credentials.

The "shadow" in shadowmirror refers to the obscuring of the malicious activity by using trusted, well-known