Attackers can use a subdomain hosted on *.ngrok.io to host their phishing website.
Command and Control
Attackers can use *.ngrok.io for C&C purposes.
Attackers can upload files on websites hosted on *.ngrok.io.
Malicious tools can be stored on an attacker's domain and then have it hidden behind *.ngrok.io and used to download files when needed.
Last Update: 2021-11-21