Popular File-Sharing Service WeTransfer Used in Malicious Spam Campaigns

silversurfer

Hackers are abusing the popular file-sharing service called WeTransfer to circumvent defensive email gateways that are designed to block spam messages with malicious URLs. Researchers have observed an uptick in attacks targeting banking, power and media industries using this technique.

The hack abuses WeTransfer’s file sharing service, which allows any user to upload a file and share it with someone via an email link. Things get dicey when that file is an HTM or HTML file redirecting to a phishing landing page.

“The email body is a genuine notification from WeTransfer which informs the victim that a file has been shared with them,” wrote Jake Longden, threat analyst with Cofense, in a blog post outlining the hack.

To abuse the service, first a user inputs a “from” email address and a recipient email address into the WeTransfer interface and uploads a file. Next, the sender can customize a message that the recipient sees.

“Here, the threat actor will often write a note stating that the file is an invoice to be reviewed,” Longden wrote. This is a common phishing ploy to pique the user’s interest, he added.
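A defender-side check for the technique described above, as an added example that is not part of the original post or the Cofense write-up: because the notification email and link are genuine WeTransfer, inspection has to happen on the shared HTM/HTML file itself. The function and class names, the two redirect forms checked (meta refresh and script `location` assignment) and the sample files are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# JavaScript navigation forms that cause an immediate redirect (assumed patterns).
JS_REDIRECT = re.compile(
    r"""(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']"""
    r"""|location\.(?:replace|assign)\(\s*["']([^"']+)["']""",
    re.IGNORECASE,
)

class RedirectFinder(HTMLParser):
    """Collects redirect targets from <meta http-equiv=refresh> and inline scripts."""
    def __init__(self):
        super().__init__()
        self.targets = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=https://host/path"
            m = re.search(r"url\s*=\s*['\"]?([^'\";\s]+)", a.get("content", ""), re.I)
            if m:
                self.targets.append(("meta-refresh", m.group(1)))
        self._in_script = tag == "script"

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            for m in JS_REDIRECT.finditer(data):
                self.targets.append(("script", m.group(1) or m.group(2)))

def scan_shared_html(filename, html):
    """Return (kind, url) redirects found in a shared HTM/HTML file, else []."""
    if not filename.lower().endswith((".htm", ".html")):
        return []
    finder = RedirectFinder()
    finder.feed(html)
    finder.close()
    # Only absolute http(s) targets count as a redirect to another site.
    return [(k, u) for k, u in finder.targets if urlparse(u).scheme in ("http", "https")]

# Constructed sample files; example.invalid is a reserved, non-resolving name.
SAMPLE_INVOICE = """<html><head>
<meta http-equiv="refresh" content="0; url=https://login.example.invalid/office">
</head><body><script>window.location.href = "https://login.example.invalid/office";</script>
</body></html>"""
SAMPLE_BENIGN = "<html><body><h1>Report</h1><a href='/page2.html'>next</a></body></html>"
```

A non-empty result is a reason to hold the file for analyst review before the recipient opens it; an empty result is not proof the file is safe.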