Craigslist desktop shortcut

6/6/2023

Craigslist may be the place people head to buy second-hand goods, but it is also now being used by threat actors to bypass Microsoft Office security. Security researchers for INKY found Craigslist’s internal email network was breached in a targeted attack aimed at Microsoft OneDrive users. It seems the email system was used to send legitimate-looking messages. In fact, the messages come from a real Craigslist IP, making them seem authentic.

In the emails, users are told that an ad they placed on the platform is in violation of terms and conditions. Accompanying the warning are instructions for the user to avoid their account being removed. One problem is the instructions and the whole email are fake.

INKY reports the attackers were able to hijack Craigslist’s email network and change the email HTML to a custom message that has a malware download link on Microsoft OneDrive. This document mimics legitimate software like Norton and DocuSign. The victim believes they are following real instructions but are really being directed to malware.

“Since the URL to resolve the issue hosted a customized document placed on Microsoft OneDrive, it did not appear on any threat intelligence feed, allowing it to slip past most security vendors,” the research team says.

“Craigslist knows the identities of everyone, but unless a correspondent discloses details, they are perfectly anonymous to others on the system,” INKY continues. “This situation suits phishers just fine. They can shoot their poisoned arrows from behind a local mail proxy. And shoot they did - a number of times in early October.”

Email Attack

“Our platform’s content publishing policy explicitly prohibits inappropriate content, your ad has received many red flags,” the email read. “A more detailed description of the problem is available in this form.”