On the fake page, visitors could encounter a fraudulent login prompt, a deceptive download button, or a counterfeit payment gateway. These tactics aim to trick unsuspecting users into unknowingly downloading malware, revealing personal identity information, or making fraudulent payments. In less severe cases, hackers might redirect visitors to pages featuring ads, attempting to generate revenue through increased visits and clicks.
The Cybernews team also disclosed that another security researcher independently discovered the same flaw in mid-January. Given NASA’s failure to address the vulnerability promptly, despite being notified, it is highly likely that a malicious actor could have also discovered and exploited it.
