Attackers can upload malicious files to transfer.sh and share the direct download link to users.
Attackers can exfiltrate data using transfer.sh either using the command line or through uploading files and sharing the link to themselves to download the exfiltrated data.
Attackers can keep their tools stored on transfer.sh and when required, use the custom link to download.
Last Update: 2022-01-20
Credits: Adithya -@ravooriadithya