Attackers Leverage IMAP to Infiltrate Email Accounts
Researchers believe cybercriminals are using a tool dubbed Email Appender to directly connect with compromised email accounts via IMAP.
A newly detected wave of spam emails is bypassing transport layers and landing in mailboxes, Vade Secure researchers report.
This campaign sent 300,000 spam messages to a single customer in one day and has been seen in France, Italy, Denmark, and the United States. Researchers suspect the attackers are using a tool called Email Appender, which is available on the Dark Web and can be used to connect with compromised email accounts via IMAP.
Email Appender, first reported in October, lets attackers validate compromised email credentials they steal or buy on the Dark Web. They can use the tool to configure a proxy to avoid IP detection, draft a malicious email, and deliver spam straight into a user's account. Attackers can customize their malicious emails to include the display name of the sender's address and provide a reply-to address.
Researchers say this incident is being addressed by shutting down compromised accounts and resetting affected credentials. They note that while this incident mostly delivers spam, it's a sign attackers are practicing the new technique before using it to distribute phishing and malware campaigns.
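Because mail placed in a mailbox over IMAP never passes through the inbound mail server, a defender can look for inbox messages that the server never handled. The sketch below is an added example, not code from Vade Secure or the article; the hostname `mx.example.org`, the set of Message-IDs taken from the mail server's delivery log, and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

TRUSTED_MX = "mx.example.org"  # assumption: hostname of the organization's inbound MTA
BY_HOST = re.compile(r"\bby\s+([^\s;()]+)", re.IGNORECASE)

def received_by_hosts(msg):
    """Hosts that claim to have accepted the message (Received: ... by <host>)."""
    hosts = []
    for value in msg.get_all("Received", []):
        match = BY_HOST.search(str(value))
        if match:
            hosts.append(match.group(1).lower())
    return hosts

def classify(raw, delivered_ids, mx=TRUSTED_MX):
    """Return 'ok', 'no-mx-received' or 'not-in-mta-log' for one inbox message."""
    msg = message_from_string(raw, policy=policy.default)
    if mx not in received_by_hosts(msg):
        return "no-mx-received"   # never stamped by the inbound MTA
    msg_id = str(msg["Message-ID"] or "").strip()
    if msg_id not in delivered_ids:
        return "not-in-mta-log"   # header may be forged: the MTA has no delivery record
    return "ok"

# Constructed sample data (not taken from the campaign).
DELIVERED = (
    "Received: from mail.sender.example by mx.example.org with ESMTPS id 4Xabc;\n"
    " Mon, 01 Jan 2024 10:00:00 +0000\n"
    "From: Alice <alice@sender.example>\n"
    "Message-ID: <a1@sender.example>\n"
    "Subject: Invoice\n\nHello\n"
)
APPENDED = (
    "From: Support <support@bank.example>\n"
    "Reply-To: collector@other.example\n"
    "Message-ID: <x9@bank.example>\n"
    "Subject: Offer\n\nClick here\n"
)
FORGED = (
    "Received: from relay.bank.example by mx.example.org with ESMTP id FAKE1;\n"
    " Mon, 01 Jan 2024 11:00:00 +0000\n" + APPENDED
)
MTA_LOG_IDS = {"<a1@sender.example>"}  # Message-IDs the MTA actually delivered

if __name__ == "__main__":
    for name, raw in [("delivered", DELIVERED), ("appended", APPENDED), ("forged", FORGED)]:
        print(name, classify(raw, MTA_LOG_IDS))
```

Run this against inbox folders only, since mail clients legitimately save copies to Sent and Drafts over IMAP without those messages passing through the inbound server.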
Read Vade Secure's blog for more details.