Friday, March 29, 2024

Hackers Abuse Website Contact Forms To Deliver Sophisticated IcedID Malware

The security researchers at Microsoft have recently detected that hackers are continuously abusing legitimate corporate contact forms to send phishing emails.

The main motive of abusing and sending phishing emails to the enterprises so that the threat actors can threaten targeted enterprises with legitimate-looking lawsuits, and not only this but the threat actors also try to affect them with the IcedID info-stealing malware.

Why is This Threat Unusual? 

Now the question arises that why this threat is unusual? According to the cybersecurity analysts, there is some reason, and here they are mentioned below:-

  • The hacker’s main motive is to abuse legitimate enterprises, and among all the website Contact form is at the top; rather than this, the threat actors are using the legitimate URLs so that they can pretend to be legitimate and consequently users will believe them.
  • Generally, these emails are used for observing and exfiltrating the data, and not only this, but these emails can circulate more malware payloads that include all kind of ransomware.
  • This kind of attacks are very common and frequent too, and such attackers generally target the services that are exposed to the internet. Therefore every organization must follow the protection that are against such threat actors.

Website Contact Forms Are Abused

According to the security experts, every website has a contact form page; with the help of such pages, the site visitors can easily communicate with the site owner and can easily know the details and information that the visitors were seeking for.

Moreover,  Emily Hacker and Justin Carroll, the analysts of the Microsoft threat intelligence team, affirmed that they found “an influx of contact form emails that are targeted at enterprises so that they can abuse the contact forms of companies.”

However, using such phishing methods, the threat actors can easily circumvent the targeted enterprise’s secure email gateways. Not only this, but the threat actors are continuously increasing their phishing messages so that the chances of attack will generally get doubled.

Capabilities of The Mmalware 

The experts have detected the list of capabilities of the malware that is mentioned below:-

  • Understanding the IP and system information
  • Dropping SQLite for accessing credentials stored in browser databases
  • Machine discovery
  • Obtaining machine AV info
  • Domain information

Contact Form Email Attack Chains Lead to IcedID Malware

After investigating the whole matter, the analysts found that there are two chains of attacks, one is a primary attack chain, and another is the secondary attack chain, and both the chains were kept under the execution and resolution stages.

But, the primary attack chain generally accompanies an attack that flows from downloading malicious .zip file from the sites.google.com link that comes directly from the IcedID payload.

This kind of attack shows that the hackers are always on the hunt for such an attack so that the threat actors can easily infiltrate the networks. 

Not only this, but the threat actors often target services revealed to the internet. That’s why the experts also asserted that every organization must assure that they must have protections against such threats.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles