Hackers Abuse Website Contact Forms To Deliver Sophisticated IcedID Malware

The security researchers at Microsoft have recently detected that hackers are continuously abusing legitimate corporate contact forms to send phishing emails.

The main motive of abusing and sending phishing emails to the enterprises so that the threat actors can threaten targeted enterprises with legitimate-looking lawsuits, and not only this but the threat actors also try to affect them with the IcedID info-stealing malware.

Why is This Threat Unusual? 

Now the question arises that why this threat is unusual? According to the cybersecurity analysts, there is some reason, and here they are mentioned below:-

• The hacker’s main motive is to abuse legitimate enterprises, and among all the website Contact form is at the top; rather than this, the threat actors are using the legitimate URLs so that they can pretend to be legitimate and consequently users will believe them.
• Generally, these emails are used for observing and exfiltrating the data, and not only this, but these emails can circulate more malware payloads that include all kind of ransomware.
• This kind of attacks are very common and frequent too, and such attackers generally target the services that are exposed to the internet. Therefore every organization must follow the protection that are against such threat actors.

Website Contact Forms Are Abused

According to the security experts, every website has a contact form page; with the help of such pages, the site visitors can easily communicate with the site owner and can easily know the details and information that the visitors were seeking for.

Moreover,  Emily Hacker and Justin Carroll, the analysts of the Microsoft threat intelligence team, affirmed that they found “an influx of contact form emails that are targeted at enterprises so that they can abuse the contact forms of companies.”

However, using such phishing methods, the threat actors can easily circumvent the targeted enterprise’s secure email gateways. Not only this, but the threat actors are continuously increasing their phishing messages so that the chances of attack will generally get doubled.

Capabilities of The Mmalware 

The experts have detected the list of capabilities of the malware that is mentioned below:-

• Understanding the IP and system information
• Dropping SQLite for accessing credentials stored in browser databases
• Machine discovery
• Obtaining machine AV info
• Domain information

Contact Form Email Attack Chains Lead to IcedID Malware

After investigating the whole matter, the analysts found that there are two chains of attacks, one is a primary attack chain, and another is the secondary attack chain, and both the chains were kept under the execution and resolution stages.

But, the primary attack chain generally accompanies an attack that flows from downloading malicious .zip file from the sites.google.com link that comes directly from the IcedID payload.

This kind of attack shows that the hackers are always on the hunt for such an attack so that the threat actors can easily infiltrate the networks. 

Not only this, but the threat actors often target services revealed to the internet. That’s why the experts also asserted that every organization must assure that they must have protections against such threats.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.