Microsoft has warned organizations of a "Unique" attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what's yet another instance of adversaries abusing legitimate infrastructure to mount evasive campaigns that bypass security protections.
IcedID is a Windows-based banking trojan that's used for reconnaissance and exfiltration of banking credentials, alongside features that allow it to connect to a remote command-and-control server to deploy additional payloads such as ransomware and malware capable of performing hands-on-keyboard attacks, stealing credentials, and moving laterally across affected networks.
Microsoft researchers said the attackers might have used an automated tool to deliver the emails by abusing the enterprises' contact forms while circumventing CAPTCHA protections.
The ZIP file contains a heavily obfuscated JavaScript file that downloads the IcedID malware.
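The abuse described above turns a site's own contact form into a delivery channel, so one defensive control is to screen submissions before they are forwarded to staff. The following is an added example, not code from Microsoft's report or from any product named here; it assumes submissions arrive as dictionaries with `ip` and `message` fields, that the site's own domains are known (`example.com` is a constructed placeholder), and that the lure wording list is a constructed starting point to be tuned against real traffic. It quarantines a submission when legal-threat wording appears together with an off-site link, or when one source address submits faster than a human plausibly would, which is the signature of an automated form-abuse tool.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Any absolute http(s) URL embedded in the free-text message body.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Wording typical of a fake legal-threat lure. Constructed illustration;
# tune it to the lures actually observed on your own forms.
LEGAL_THREAT_TERMS = (
    "copyright", "infringement", "legal action", "lawsuit",
    "stolen images", "dmca", "attorney", "unauthorized use",
)


class ContactFormScreener:
    """Scores inbound contact-form submissions before they are mailed to staff.

    A submission is quarantined (held for review instead of delivered) when it
    carries an off-site link together with legal-threat wording, or when one
    source address submits more often than the per-window limit allows.
    """

    def __init__(self, own_domains, max_per_window=3, window=timedelta(minutes=10)):
        self.own_domains = {d.lower() for d in own_domains}
        self.max_per_window = max_per_window
        self.window = window
        # Recent submission timestamps per source IP, oldest first.
        self._recent = defaultdict(deque)

    def _external_urls(self, text):
        """Return URLs in the text whose host is not one of the site's own domains."""
        external = []
        for url in URL_RE.findall(text):
            host = (urlsplit(url).hostname or "").lower()
            if not any(host == d or host.endswith("." + d) for d in self.own_domains):
                external.append(url)
        return external

    def _over_rate(self, ip, now):
        """Record this submission and report whether the source exceeded the window limit."""
        q = self._recent[ip]
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()
        return len(q) > self.max_per_window

    def screen(self, submission, now):
        """Return ("deliver" | "quarantine", [reasons]) for one submission."""
        message = submission.get("message", "")
        lowered = message.lower()
        reasons = []

        ext_urls = self._external_urls(message)
        threat_hits = [t for t in LEGAL_THREAT_TERMS if t in lowered]
        if ext_urls and len(threat_hits) >= 2:
            reasons.append("legal-threat wording with external link(s): " + ", ".join(ext_urls))
        if self._over_rate(submission.get("ip", "unknown"), now):
            reasons.append("submission rate exceeds per-source limit")

        return ("quarantine" if reasons else "deliver"), reasons


def demo():
    """Run the screener over constructed submissions and return the verdicts."""
    screener = ContactFormScreener(own_domains=["example.com"])
    t0 = datetime(2021, 4, 10, 12, 0, 0)

    # Constructed sample submissions (not from the article).
    benign = {"ip": "203.0.113.5",
              "message": "Hi, do you offer bulk pricing? Our page: https://shop.example.com/about"}
    lure = {"ip": "198.51.100.7",
            "message": ("You are using my copyright images without permission. This is "
                        "infringement. Evidence: https://sites.example.net/evidence-123 "
                        "Remove them now or face legal action.")}
    verdicts = {
        "benign": screener.screen(benign, t0),
        "lure": screener.screen(lure, t0),
    }
    # Four submissions from one address within the window: the fourth trips the limit.
    for minute in range(4):
        verdicts["burst"] = screener.screen(
            {"ip": "192.0.2.9", "message": "hello"}, t0 + timedelta(minutes=minute))
    return verdicts


if __name__ == "__main__":
    for name, (verdict, reasons) in demo().items():
        print(name, verdict, reasons)
```

Quarantined submissions should go to a review queue rather than being silently dropped, since a genuine takedown request can match the same wording; the link and rate signals are what separate the automated lure from an ordinary complaint.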
The novel intrusion route notwithstanding, the attacks are yet another sign of how threat actors constantly tweak their social engineering tactics to target companies with an intent to distribute malware while evading detection.
"The scenarios offer a serious glimpse into how sophisticated attackers' techniques have grown, while maintaining the goal of delivering dangerous malware payloads such as IcedID," the researchers said.