Spam is Chipotle's secret ingredient: Marketing email hijacked to dish up malware
2021-07-29 16:00

Chipotle.com, the deception would be evident upon examining the raw email header data.

"It is important that recipients notice the discrepancy between a sender's display name and its actual email address," wrote Bukar Alibe, cyber security analyst at INKY, in a blog post provided to The Register.

This particular approach to phishing was employed successfully by the Nobelium group infamous for its attack on SolarWinds: the reportedly Kremlin-run gang used the United States Agency for International Development's email marketing account at Constant Contact, a Mailgun competitor, to distribute malware.

One advantage of hijacking email marketing accounts is that such services tend to make an effort to ensure their messages get delivered by minimizing reputation-tarnishing spam and applying messaging security technology like SPF, DKIM, and DMARC. However, in an email to The Register, Alibe said the messages were caught before sender credibility came into play.

"We have seen phishing emails and sites impersonate Mailgun to harvest Mailgun credentials so it's highly probable that a Chipotle employee was a credential harvesting victim," he said.

Baggett said it's possible a Chipotle employee opened an email attachment with malware that led to the compromise of the employee's account or device.
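The display-name check Alibe describes can be automated against raw headers. The sketch below is an added example, not code from the article or from INKY, and it also shows why a DMARC pass from a hijacked marketing account does not vouch for the display name. The brand allowlist, the domains and the sample messages are constructed, and the `Authentication-Results` header is assumed to have been written by the recipient's own mail server.

```python
from email import message_from_string, policy

# Assumed allowlist (hypothetical brands and domains): names a display name may
# claim, mapped to the domains that brand really sends from.
BRAND_DOMAINS = {
    "example bank": {"examplebank.test"},
    "example cloud": {"examplecloud.test"},
}

def _in_domains(domain, allowed):
    """True if domain equals, or is a subdomain of, any allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw):
    """Compare the From display name with the address actually used."""
    msg = message_from_string(raw, policy=policy.default)
    from_hdr = msg["From"]
    if from_hdr is None or not from_hdr.addresses:
        return {"domain": None, "dmarc_pass": False,
                "findings": ["missing or unparseable From header"]}
    sender = from_hdr.addresses[0]  # RFC 2047 encoded words arrive decoded
    display, domain = sender.display_name.lower(), sender.domain.lower()
    findings = [
        f"display name claims '{brand}' but address domain is {domain}"
        for brand, allowed in BRAND_DOMAINS.items()
        if brand in display and not _in_domains(domain, allowed)
    ]
    # dmarc=pass only vouches for the address domain, not the display name.
    auth = " ".join(str(h).lower() for h in msg.get_all("Authentication-Results", []))
    return {"domain": domain, "dmarc_pass": "dmarc=pass" in auth, "findings": findings}

# Constructed sample headers (not taken from the campaign described above).
SPOOFED = (
    "Authentication-Results: mx.recipient.test; spf=pass; dkim=pass; dmarc=pass\n"
    'From: "Example Bank Security" <postmaster@mail.restaurant.test>\n'
    "Subject: Action required\n\nbody\n"
)
LEGIT = (
    "Authentication-Results: mx.recipient.test; dmarc=pass\n"
    'From: "Example Bank" <alerts@mail.examplebank.test>\n'
    "Subject: Statement ready\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, check_sender(raw))
```

A message that returns `dmarc_pass` as true together with a non-empty `findings` list is the case the article describes: an authenticated sending domain carrying a display name that belongs to someone else.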


News URL

https://go.theregister.com/feed/www.theregister.com/2021/07/29/mailgun_chipotle_malware_spam/