Phishing and Malspam with Leaf PHPMailer


It’s common knowledge that attackers often use email as a delivery mechanism for their malicious activity, which can range from enticing victims to click a phishing URL to getting them to download a malicious attachment.


To support these activities, attackers seek out tools that assist in the mass sending of malspam (malicious spam) emails from a compromised website. PHP scripts like Leaf PHPMailer are well suited for this task.



Hacktool Analysis: Leaf PHPMailer


Leaf PHPMailer is a PHP mailer hacktool that lets an attacker send out large amounts of malspam emails from a compromised website’s web server.


When the tool is loaded, it leverages the LeafPHP mailer library to distribute the spam. It contains various text fields that allow the attacker to input custom data for important email fields:


Email = The email address that will be forged as the “From:” address

Sender Name = The name of the forged sender email address – for example, this fake Amazon Support name in this screenshot:



Reply-to = The email address that will receive any replies to the sent email; may be left blank if no reply is expected

Subject = String of text used to capture attention

Message Letter = Body content of the email

Email List = A list of recipient email addresses


These fields make it easy for the attacker to forge email headers to manipulate the appearance of the sender and deceive recipients, masking the true source of the email.
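On the receiving side, the same fields can be checked for inconsistencies. The following is an added example, not code from the original article or from the tool: it flags a brand name in the sender display name on an address outside that brand's domains, and Reply-To or Return-Path domains that differ from the From domain. The brand map, finding labels, sample messages and the Return-Path comparison are assumptions made for this illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand keyword -> domains that brand legitimately sends from.
BRAND_DOMAINS = {"amazon": {"amazon.com"}}

# Constructed sample messages (not taken from a real campaign).
FORGED = """\
Return-Path: <www-data@shop.example>
From: "Amazon Support" <support@amazon.com>
Reply-To: collector@mailbox.example
Subject: Action required

Body
"""
LOOKALIKE = """\
Return-Path: <www-data@shop.example>
From: "Amazon Support" <billing@shop.example>
Subject: Action required

Body
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def forged_header_findings(raw_message):
    """List the sender-identity inconsistencies found in one raw message."""
    msg = message_from_string(raw_message)
    display_name = parseaddr(msg.get("From", ""))[0].lower()
    from_domain = domain_of(msg.get("From"))
    findings = []
    # A brand in the display name, but the address is not on that brand's domain.
    for brand, domains in BRAND_DOMAINS.items():
        on_brand = any(from_domain == d or from_domain.endswith("." + d) for d in domains)
        if brand in display_name and not on_brand:
            findings.append("display-name-brand-mismatch")
    # Replies or bounces routed to a different domain than the visible sender.
    for header, label in (("Reply-To", "reply-to-domain-mismatch"),
                          ("Return-Path", "return-path-domain-mismatch")):
        other = domain_of(msg.get(header))
        if other and other != from_domain:
            findings.append(label)
    return findings
```

Treat the findings as triage signals rather than verdicts: legitimate bulk mail sent through a third-party provider often carries a Return-Path on a different domain than the From address.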



Malspam Transmission


After inputting the desired valu ..
