Phishing
Attackers can use a subdomain hosted on *.ngrok.io to host their phishing website.
Command and Control
Attackers can use *.ngrok.io for C&C purposes.
Exfiltration
Attackers can upload files on websites hosted on *.ngrok.io.
Download
Malicious tools can be stored on an attacker's domain and then have it hidden behind *.ngrok.io and used to download files when needed.
Created: 2021-11-21
Last Update: 2021-11-21
Credits: umairq_