Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware

Fake Craigslist emails that abuse Microsoft OneDrive warn users that their ads contain “inappropriate content.”

Musical instruments, motorcycle parts and now malware — Craigslist really does have it all.

The Craigslist internal email system was hijacked by attackers this month to deliver convincing messages, ultimately aimed at evading Microsoft Office security controls in order to deliver malware.

Sent from an authentic Craigslist IP address, the emails informed users that a published ad of theirs included inappropriate content and violated Craigslist’s terms and conditions, giving false instructions on how to avoid having their accounts deleted.

Researchers at INKY discovered that the attackers manipulated the email’s HTML into a customized document with a malware-download link uploaded to a Microsoft OneDrive page. That page impersonated major brands like DocuSign, Norton and Microsoft.

Because the messages originated from Craigslist’s own sending infrastructure, they also passed standard email authentication checks, which key on the sending domain and IP rather than on where the links in the body lead.

“Since the URL to resolve the issue hosted a customized document placed on Microsoft OneDrive, it did not appear on any threat intelligence feed, allowing it to slip past most security vendors,” the researchers noted in a posting this week.
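A message like this defeats two common controls at once: sender authentication passes because the mail really came from Craigslist, and URL reputation passes because a freshly uploaded OneDrive document is not on any blocklist. A practical detection is therefore to correlate the two, flagging mail that authenticates cleanly but links out to a consumer file-sharing host unrelated to the sender, especially when the body carries a compliance or account-deletion lure. The following is an added example, not code from INKY or Threatpost; the raw message, the file-sharing host list and the scoring rules are constructed assumptions for the demonstration.

```python
"""Flag lures that pass sender authentication yet link to file-sharing
hosts unrelated to the sender.  Added example, not vendor code.  The raw
message, SHARE_HOSTS list and scoring rules below are assumptions."""
import re
from email import message_from_bytes, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Consumer file-sharing hosts commonly abused to stage lure documents.
# Assumption: an illustrative list, not an exhaustive one.
SHARE_HOSTS = {"onedrive.live.com", "1drv.ms", "sharepoint.com",
               "drive.google.com", "dropbox.com"}

# Constructed sample: a Craigslist-style "inappropriate content" notice that
# authenticates cleanly (spf=pass, dkim=pass) but links into OneDrive.
SAMPLE_EML = b"""From: Craigslist <noreply@craigslist.org>
To: seller@example.net
Subject: Your ad contains inappropriate content
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=craigslist.org; dkim=pass header.d=craigslist.org
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your published ad violates our terms and conditions. To avoid deletion of
your account, review the notice here:
<a href="https://onedrive.live.com/?cid=0123456789ABCDEF&id=0123456789ABCDEF%21101">Resolve this issue</a></p>
</body></html>
"""

HREF_RE = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)
LURE_RE = re.compile(r"inappropriate content|terms and conditions|account", re.I)


def registered_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels); adequate for the .com/.org hosts used here."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def analyze(raw: bytes) -> dict:
    """Return a verdict dict for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender_addr = parseaddr(msg["From"] or "")[1]
    sender_domain = registered_domain(sender_addr.rsplit("@", 1)[-1])

    # Trust the receiving MTA's Authentication-Results header for this demo.
    auth = (msg["Authentication-Results"] or "").lower()
    authenticated = "spf=pass" in auth or "dkim=pass" in auth

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    hosts = {urlparse(u).hostname or "" for u in HREF_RE.findall(text)}

    offsite = {h for h in hosts if registered_domain(h) != sender_domain}
    share = {h for h in hosts
             if any(h == s or h.endswith("." + s) for s in SHARE_HOSTS)}
    lure = bool(LURE_RE.search(text))

    reasons = []
    if authenticated and share:
        reasons.append("authenticated sender links to file-sharing host")
    if offsite and lure:
        reasons.append("compliance lure with off-domain link")
    return {"sender_domain": sender_domain, "authenticated": authenticated,
            "link_hosts": sorted(hosts), "share_hosts": sorted(share),
            "reasons": reasons, "suspicious": bool(reasons)}


if __name__ == "__main__":
    print(analyze(SAMPLE_EML))
```

The check deliberately does not reject mail just because it links to OneDrive: plenty of legitimate senders do. It is the combination of a clean authentication result, an off-domain file-sharing link and lure wording that makes the message worth quarantining or routing for review, and each signal stays visible in the returned dict so an analyst can see why it fired.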

Abusing Anonymity

Craigslist is more than one gigantic yard sale. Its internal email system also lets interested buyers

Read More: https://threatpost.com/attackers-hijack-craigslist-email-malware/175754/