Hackers Using Website's Contact Forms to Deliver IcedID Malware
2021-04-13 04:51

Microsoft has warned organizations of a "unique" attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what's yet another instance of adversaries abusing legitimate infrastructure to mount evasive campaigns that bypass security protections.

IcedID is a Windows-based banking trojan that's used for reconnaissance and exfiltration of banking credentials, alongside features that allow it to connect to a remote command-and-control server to deploy additional payloads such as ransomware and malware capable of performing hands-on-keyboard attacks, stealing credentials, and moving laterally across affected networks.

Microsoft researchers said the attackers might have used an automated tool to deliver the emails by abusing the enterprises' contact forms while circumventing CAPTCHA protections.

The ZIP file contains a heavily obfuscated JavaScript file that downloads the IcedID malware.

The novel intrusion route notwithstanding, the attacks are yet another sign of how threat actors constantly tweak their social engineering tactics to target companies with an intent to distribute malware while evading detection.

"The scenarios offer a serious glimpse into how sophisticated attackers' techniques have grown, while maintaining the goal of delivering dangerous malware payloads such as IcedID," the researchers said.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/zVzBu5SMqGo/hackers-using-websites-contact-forms-to.html