Hackers are abusing a Craigslist security flaw to infect devices

By Scott Marlette Last updated Oct 26, 2021

A new email phishing campaign is seeing malicious actors abusing a vulnerability in the Craigslist mailing system to distribute malware.

According to the report from INKY, a malicious actor (or multiple actors) somehow managed to compromise the Craigslist mailing system and started sending out notifications to active users of the platform. The email notification, a simple message with just a few sentences and a button, warned the user that their recent ad included inappropriate content and violated Craigslist’s terms.

The button in the email claims to forward the reader to the platform, in order to remedy the problem. However, simply hovering the mouse over the button reveals the real link – a Russian domain – myjino[.]ru.

Abusing legitimate hosting sites

If the victim tries to remedy the issue by following the instructions in the email and clicking the link in the message, they would be sent to a customized document, uploaded to Microsoft OneDrive. So, in this campaign, a legitimate hosting service was abused to host a malicious file.

The victims were then instructed to download that file, fill out the form, and return it to [email protected].

Clicking the download button, the victim would receive a compressed file named “form_1484004552-10012021.zip.” Uncompressing it gets them a spreadsheet, with macros enabled, titled “form_1484004552-10012021.xls”. This file was already flagged as malicious, by multiple security vendors.

To add to the “legitimacy” of the document, the malicious actors also added logos of DocuSign, Norton and Microsoft. Running the malware in a sandbox environment, the researchers said it “created and modified” multiple files. The malware also tried to connect to an external server, in order to download additional components, or possibly exfiltrate data. However, attempts received a “404 not found” error.

Looking to stay safe online? You should also check out our rundown of the best ransomware protection services out there today

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.