
A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto target machines by making use of unpatched and publicly-exposed Microsoft Exchange servers.
"The emails use a social engineering technique of conversation hijacking," Israeli company Intezer said in a report shared with The Hacker News.
"A forged reply to a previous stolen email is being used as a way to convince the recipient to open the attachment. This is notable because it increases the credibility of the phishing email and may cause a high infection rate."
While earlier IcedID campaigns have taken advantage of website contact forms to send malware-laced links to organizations, the current version of the attacks banks on vulnerable Microsoft Exchange servers to send the lure emails from a hijacked account, indicating a further evolution of the social engineering scheme.
The idea is to send fraudulent replies to an already existing email thread plundered from the victim's account by using the compromised individual's email address to make the phishing emails appear more legitimate.
"By using this approach, the email appears more legitimate and is transported through the normal channels which can also include security products."
News URL
https://thehackernews.com/2022/03/hackers-hijack-email-reply-chains-on.html