Cybercriminals have found a new way to insert messages into their potential victims’ inboxes. According to research by Gemini Advisory, a hacker is advertising a new tool on a dark web forum.
The attackers do not send the malicious emails at all; they implant them directly in the mailbox. According to the researchers, this means the messages bypass security systems more easily, because the filters that inspect incoming mail never see them.
A “significant threat” from cybercriminals
In a blog post, the company wrote: “The software poses a significant threat as it raises the success rate of malware attacks.”
According to the security experts, it allows cybercriminals to launch more sophisticated phishing and business email compromise (BEC) campaigns. It may also open the door to technically simple ransomware-like attacks.
How they trick users
Gemini Advisory explained how attacks happen using the new “Email Appender” technique.
First, attackers obtain valid email addresses and their passwords. Usually they buy them on the dark web, at a very low cost.
Next, the attackers upload the compromised credentials into Email Appender. The tool validates them and then logs in to the accounts using the Internet Message Access Protocol (IMAP).
IMAP is the standard protocol email clients use to retrieve messages from a mailbox. It also includes an APPEND command that lets a logged-in client place a message directly into a mailbox folder. The attackers use this feature: because the message is appended with the victim’s own credentials and never relayed by a sending mail server, the spam filters and sender-authentication checks that inspect inbound mail never evaluate it.
The cybercriminals then set the important header fields, such as “Sender,” “From” and “Reply-To”, to whatever they want, so the message appears to come from a trusted party while replies go to the attacker. Stanislav Alforov, Gemini Advisory’s director of research, considers this technique unique.
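The mechanics of the procedure above, as an added example in Python that is not code from the original article, from Gemini Advisory or from the Email Appender tool: it builds a message with attacker-controlled From/Sender/Reply-To headers, shows the single IMAP APPEND call that places it in a mailbox (intended only for a mailbox you own, to generate test data), and then checks stored messages for the traces an injected message lacks. The addresses, the `attacker.invalid` domain and the `DELIVERED_SAMPLE` message are constructed for the example; the detection heuristic (no Received headers, no Authentication-Results, Reply-To domain differing from From) is a general check and not one the article describes.

```python
"""Email Appender mechanics and a header-based detector (added example)."""
import email
import email.policy
import email.utils
import imaplib
import time
from email.message import EmailMessage

# Constructed recipient for the example.
VICTIM = "victim@example.com"


def build_injected_message(from_addr: str, reply_to: str, subject: str, body: str) -> bytes:
    """Build the kind of message Email Appender places in a mailbox.

    Because the message will be APPENDed rather than sent, every header is
    under the attacker's control and no mail server adds anything to it.
    """
    msg = EmailMessage(policy=email.policy.default)
    msg["From"] = from_addr          # impersonated sender shown to the victim
    msg["Sender"] = from_addr
    msg["Reply-To"] = reply_to       # where the victim's answer really goes
    msg["To"] = VICTIM
    msg["Subject"] = subject
    msg["Date"] = email.utils.formatdate()
    msg["Message-ID"] = email.utils.make_msgid(domain="example.com")
    msg.set_content(body)
    return msg.as_bytes()


def append_to_mailbox(host: str, user: str, password: str, raw: bytes,
                      mailbox: str = "INBOX") -> bool:
    """Place a raw message in a mailbox with IMAP APPEND (RFC 3501).

    Use only against a mailbox you own, e.g. to produce test data for the
    detector below. The login is a plain username/password, which is why a
    password alone must not be enough to reach IMAP (see the MFA advice).
    """
    conn = imaplib.IMAP4_SSL(host)
    try:
        conn.login(user, password)
        typ, _ = conn.append(mailbox, "", time.time(), raw)
        return typ == "OK"
    finally:
        conn.logout()


def _domain(header) -> str:
    """Lower-cased domain of the first address in a header ('' if absent)."""
    addr = email.utils.parseaddr(str(header or ""))[1]
    return addr.rpartition("@")[2].lower()


def injection_indicators(raw: bytes) -> list[str]:
    """Return reasons why a stored message looks injected rather than delivered.

    A message delivered over SMTP carries a Received header from each hop and,
    on most modern servers, an Authentication-Results header with the SPF,
    DKIM and DMARC verdicts. An APPENDed message has only what the client wrote.
    """
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    reasons = []
    if not msg.get_all("Received"):
        reasons.append("no Received headers: message never passed through an MTA")
    if msg.get("Authentication-Results") is None:
        reasons.append("no Authentication-Results: SPF/DKIM/DMARC never evaluated")
    from_dom, reply_dom = _domain(msg.get("From")), _domain(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"Reply-To domain '{reply_dom}' differs from From domain '{from_dom}'")
    return reasons


# Constructed sample of a normally delivered message, for comparison.
DELIVERED_SAMPLE = b"""Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.com with ESMTPS id 4Xk2m; Mon, 12 Oct 2020 09:15:02 +0000
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.net;
\tdkim=pass header.d=example.net; dmarc=pass
From: Alice <alice@example.net>
To: victim@example.com
Subject: Lunch
Date: Mon, 12 Oct 2020 09:15:00 +0000
Message-ID: <abc123@example.net>

See you at noon.
"""


if __name__ == "__main__":
    forged = build_injected_message("CEO <ceo@example.com>", "ceo.private@attacker.invalid",
                                    "Urgent wire transfer", "Please pay the attached invoice today.")
    for name, raw in (("appended", forged), ("delivered", DELIVERED_SAMPLE)):
        print(name, injection_indicators(raw) or ["no indicators"])
```

The detector is a heuristic, not proof: some gateways strip or rewrite Received headers, and a few clients legitimately use APPEND (for example to file a sent copy), so treat a hit as a triage signal to correlate with IMAP login records for the account. Running the script offline exercises only the message builder and the detector; `append_to_mailbox` needs a real server.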
Alforov also noted that the hacker advertising Email Appender had offered other services before and had built a “reputation” on dark web forums.
Users gave “positive feedback” on a video he had uploaded to YouTube, particularly those who said they had tested and used Email Appender.
What we should do to stay safe
The best way to keep accounts out of Email Appender’s reach, Alforov said, is to enable multi-factor authentication: once an account is protected by more than just a password, the stolen credentials alone are not enough to log in and the tool cannot do its job. One practical caveat: because the tool connects over IMAP rather than through the web login page, MFA only helps if IMAP logins that accept a bare username and password are disabled for the account as well.