Cybercriminal offers email implant software that dodges traditional security platforms

Written by Nov 12, 2020 | CYBERSCOOP

Imagine if cybercriminals didn’t have to send a malicious email for their victims to get the message anyway.


That’s a tool one hacker is advertising on a dark web forum, according to research Gemini Advisory released Wednesday. And because the email can be implanted rather than sent, it has the potential to bypass security that inspects messages as they’re en route to their destination server, researchers said.


“The software poses a significant threat as it raises the success rate of malware attacks, allows for more sophisticated phishing and business email compromise (BEC) campaigns, and opens the door for technically simple ransomware-like attacks,” according to a blog post from the Miami-based threat intelligence company.


The trick to implanting the email via the “Email Appender” software goes like this, Gemini Advisory explained:


First, attackers must obtain valid email addresses and associated passwords, often available on the dark web at a low cost. Then the attacker has to upload the compromised credentials into Email Appender, which checks the credentials and connects to the accounts through the Internet Message Access Protocol (IMAP), a standard protocol email clients use to retrieve messages. From there, attackers can use an IMAP feature that allows an authenticated user to append a message to their inboxes, and can amend the “Sender,” “From” and “Reply-To” fields.
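
A defender-side check that follows from the description above, as an added example that is not from CyberScoop or Gemini Advisory: a message written into an inbox over IMAP never crossed the organization's inbound mail gateway, so it typically carries no `Received` header stamped by that gateway. The gateway hostname `mx1.example.org`, the function names and both sample messages are constructed assumptions, and the findings are triage heuristics rather than proof.

```python
import re
from email import message_from_bytes
from email.utils import parseaddr

# Assumption: hostname of the organization's inbound mail gateway (hypothetical).
TRUSTED_GATEWAYS = {"mx1.example.org"}
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)

# Constructed sample: normal delivery, stamped by the gateway on the way in.
DELIVERED = (b"Received: from mail.partner.example by mx1.example.org with ESMTPS;\r\n"
             b" Thu, 12 Nov 2020 10:00:00 +0000\r\n"
             b"From: Alice <alice@partner.example>\r\nTo: bob@example.org\r\n"
             b"Subject: Q3 report\r\n\r\nHello\r\n")
# Constructed sample: message that was written into the mailbox, never relayed.
IMPLANTED = (b"From: Finance <finance@example.org>\r\n"
             b"Reply-To: finance@example.net\r\nTo: bob@example.org\r\n"
             b"Subject: Invoice\r\n\r\nHello\r\n")

def received_by_hosts(msg):
    """Hosts named in the 'by' clause of each Received header, lowercased."""
    hosts = []
    for header in msg.get_all("Received", []):
        unfolded = " ".join(str(header).split())  # undo header line folding
        match = BY_HOST.search(unfolded)
        if match:
            hosts.append(match.group(1).lower().rstrip("."))
    return hosts

def domain_of(msg, field):
    """Domain part of the address in a header field, or '' if absent."""
    return parseaddr(str(msg.get(field, "")))[1].rpartition("@")[2].lower()

def review_inbox_message(raw, trusted=TRUSTED_GATEWAYS):
    """Return triage findings for one raw RFC 5322 message from an INBOX."""
    msg = message_from_bytes(raw)
    findings = []
    if not set(received_by_hosts(msg)) & set(trusted):
        findings.append("no-trusted-gateway-hop")
    reply_dom = domain_of(msg, "Reply-To")
    if reply_dom and reply_dom != domain_of(msg, "From"):
        findings.append("reply-to-domain-differs")
    return findings

if __name__ == "__main__":
    for name, raw in (("delivered", DELIVERED), ("implanted", IMPLANTED)):
        print(name, review_inbox_message(raw))
```

Run it only over INBOX contents: mail clients legitimately use IMAP append to save Sent and Drafts copies, which also lack a gateway hop.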


“This was something that seems to be fairly unique,” said Stanislav Alforov, Gemini Advisory’s director of research.


Alforov said the hacker advertising Email Appender has offered other services in the past, and appears to have ..
