JotURL – More than just a URL shortener.

14.Oct.2021

Thanks to a fellow researcher who goes by the name of Joff Thyer, we experienced an "AHA!" moment today when he told us about this neat little gadget called JotURL.

JotURL is a URL shortener and sharing tool that allows you to share up to 10 URLs in just one jot! WHAT! Yes, only one jot is needed per 10 links instead of using multiple GOS or U2F scripts. It's incredibly useful and cool at the same time, and it even has educational purposes so the kiddies won't be confused with all those other tools around.

It's not without its shortcomings, though, since it doesn't support organization accounts, but that can easily be forgiven. This is not the only feature of the application, since it also allows you to track how many times your links were clicked by counting the number of "Jots" that are left in the link. It's really simple: all you have to do is make a jot containing 10 links, and every time someone clicks on one of them, it will count as 1 jot. Pretty neat, right?

So what does this mean for us? Well, more than just a URL shortener actually… This is actually an exploit kit disguised as a URL shortener! I know it sounds crazy, but hear me out first. The idea behind JotURL is to share links with other people (mostly those who don't use Twitter or Facebook for sharing purposes). What we can do is use that to our advantage and host a malicious URL on joturl.com for others to click willingly, without knowing that they just clicked a link leading them to an exploit kit.

Using this method, we can create a pretty foolproof phishing campaign! All we have to do is collect some credentials from our target before sending it over to the "URL collector" so he/she won't know what's going on when clicking on those links. And since JotURL allows us to track how many times each link was clicked, all you have to do after collecting the credentials is wait for your victim(s) to click one of them, then look at which link has been clicked most often, indicating that someone actually fell for it!

Pretty neat, is it not? And quite efficient as well if done right. Since we're looking at a social engineering campaign here, and most of the time people tend to trust each other and be friendly and all, and most people use social media for this type of stuff, we can send our links via private messages or even in chat rooms so they won't be suspicious when clicking on them. Forget about working hours too, since with this method you can fool your victim(s) any time of the day, depending on where he/she is located geographically speaking. People are always logged into their social media accounts whenever there is free time, whether that's during their lunch break or before going to sleep. If someone sends them a link via Facebook Messenger, they will click on it right away, disregarding any warnings that may pop up like "Warning! Possible phishing attempt!", since they're already logged into Facebook, which means the link is legitimate.

The JotURL app can be downloaded for free from the following locations:

Mac OS X 10.8+ (Intel), Mac OS X 10.6+ (PowerPC), Windows XP, Vista, 7 & 8 32-bit/64-bit, iOS 3.1 or later and Android 2.2 or later.

Please note that you must have Adobe Air installed to use this application, since it's required by the application itself in order to run smoothly without any hiccups. The good news, though, is that Adobe has compiled a list of common issues and their solutions HERE.

The application can also be installed from the Mac App Store or from Adobe's website. The rest is pretty self-explanatory, so have fun with it, but do remember to always exercise caution when clicking on suspicious links, since there are a lot of phishers out there who want nothing else than to steal your vital information, so use this tool wisely. You can download JotURL here.

This is the end of the article, thanks for reading! And don't forget to like our Facebook Page by clicking here! See you guys next time, bye bye!

Categorised as: Fun & Games | How To's | Tools and Software | phishing

Comments are disabled on this post.
