Monday, October 7, 2024
Homecyber securityHackers Abuse Website Contact Forms To Deliver Sophisticated IcedID Malware

Hackers Abuse Website Contact Forms To Deliver Sophisticated IcedID Malware

Published on

The security researchers at Microsoft have recently detected that hackers are continuously abusing legitimate corporate contact forms to send phishing emails.

The main motive of abusing and sending phishing emails to the enterprises so that the threat actors can threaten targeted enterprises with legitimate-looking lawsuits, and not only this but the threat actors also try to affect them with the IcedID info-stealing malware.

Why is This Threat Unusual? 

Now the question arises that why this threat is unusual? According to the cybersecurity analysts, there is some reason, and here they are mentioned below:-

- Advertisement - EHA
  • The hacker’s main motive is to abuse legitimate enterprises, and among all the website Contact form is at the top; rather than this, the threat actors are using the legitimate URLs so that they can pretend to be legitimate and consequently users will believe them.
  • Generally, these emails are used for observing and exfiltrating the data, and not only this, but these emails can circulate more malware payloads that include all kind of ransomware.
  • This kind of attacks are very common and frequent too, and such attackers generally target the services that are exposed to the internet. Therefore every organization must follow the protection that are against such threat actors.

Website Contact Forms Are Abused

According to the security experts, every website has a contact form page; with the help of such pages, the site visitors can easily communicate with the site owner and can easily know the details and information that the visitors were seeking for.

Moreover,  Emily Hacker and Justin Carroll, the analysts of the Microsoft threat intelligence team, affirmed that they found “an influx of contact form emails that are targeted at enterprises so that they can abuse the contact forms of companies.”

However, using such phishing methods, the threat actors can easily circumvent the targeted enterprise’s secure email gateways. Not only this, but the threat actors are continuously increasing their phishing messages so that the chances of attack will generally get doubled.

Capabilities of The Mmalware 

The experts have detected the list of capabilities of the malware that is mentioned below:-

  • Understanding the IP and system information
  • Dropping SQLite for accessing credentials stored in browser databases
  • Machine discovery
  • Obtaining machine AV info
  • Domain information

Contact Form Email Attack Chains Lead to IcedID Malware

After investigating the whole matter, the analysts found that there are two chains of attacks, one is a primary attack chain, and another is the secondary attack chain, and both the chains were kept under the execution and resolution stages.

But, the primary attack chain generally accompanies an attack that flows from downloading malicious .zip file from the sites.google.com link that comes directly from the IcedID payload.

This kind of attack shows that the hackers are always on the hunt for such an attack so that the threat actors can easily infiltrate the networks. 

Not only this, but the threat actors often target services revealed to the internet. That’s why the experts also asserted that every organization must assure that they must have protections against such threats.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA,...

RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

The researcher investigated the potential security risks associated with debugging dump files in Visual...

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that...

Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519

A critical vulnerability in Zimbra's postjournal service, identified as CVE-2024-45519, has left over 19,600...

Hackers Attacking AI Agents To Hijacking Customer Sessions

Conversational AI platforms, powered by chatbots, are witnessing a surge in malicious attacks, which...

Malicious App On Google Play Steals Cryptocurrency From Android Users

Cybercriminals have shifted their focus to mobile devices, targeting users with a malicious crypto...