Security News > 2021 > October > Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware
Musical instruments, motorcycle parts and now malware - Craigslist really does have it all.
The Craigslist internal email system was hijacked by attackers this month to deliver convincing messages messages, ultimately aimed avoiding Microsoft Office security controls to deliver malware.
Sent from an authentic Craigslist IP address, the emails informed users that a published ad of theirs included inappropriate content and violated Craigslist.
According to INKY's report, threat actors were able to abuse that Craigslist email system and and deliver authentic-looking phishing emails to users who were actively trying to sell something on the site.
The phishing emails looked like a notice from Craigslist that the user's ad contained inappropriate content.
INKY advised Craigslist users to be on the lookout for these kinds of attacks, and added that any emails that seem unusual should be viewed as potentially malicious.
News URL
https://threatpost.com/attackers-hijack-craigslist-email-malware/175754/
Related news
- Phishers send corrupted documents to bypass email security (source)
- Threat actors are stepping up their tactics to bypass email protections (source)
- North Korean hackers create Flutter apps to bypass macOS security (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)