silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,057
Read more below:Hackers are abusing the popular file-sharing service called WeTransfer to circumvent defensive email gateways that are designed to block spam messages with malicious URLs. Researchers have observed an uptick in attacks targeting banking, power and media industries using this technique.
The hack abuses WeTransfer’s file sharing service, which allows any user to upload a file and share it with someone via an email link. Things get dicey when that file is an HTM or HTML file redirecting to a phishing landing page.
“The email body is a genuine notification from WeTransfer which informs the victim that a file has been shared with them,” wrote Jake Longden, threat analyst with Cofense, in a blog post outlining the hack.
To abuse the service, first a user inputs a “from” email address and a recipient email address into the WeTransfer interface and uploads a file. Next, the sender can customize a message that the recipient sees.
“Here, the threat actor will often write a note stating that the file is an invoice to be reviewed,” Longden wrote. This is a common phishing ploy to pique the user’s interest, he added.
Popular File-Sharing Service WeTransfer Used in Malicious Spam Campaigns
WeTransfer is being used by hackers to circumvent email gateways looking to zap malicious links.
threatpost.com