Hackers are abusing a Craigslist security flaw to infect devices


A new email phishing campaign is seeing malicious actors abusing a vulnerability in the Craigslist posting system to distribute malware.

According to the report from Achromatic, a malicious actor (or multiple actors) somehow managed to compromise the Craigslist posting system and started sending out notifications to active users of the platform. The email notification, a two-pronged message with just a few sentences and a button, warned the user that their recent ad included inappropriate content and violated Craigslist's terms.

The button in the email claims to forward the reader to the platform, in order to rectify the problem. However, simply hovering the mouse over the button reveals the real link - a Russian domain - myjino[.]ru.
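The hover check described above can be automated during mail triage. The following Python sketch is an added example, not code from the original report; the sample HTML, its button text, the subdomain and all function names are constructed for illustration, and the expected domain is assumed to come from the brand the message claims to represent.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body modelled on the lure described above (host kept defanged).
SAMPLE_HTML = """
<p>Your recent ad included inappropriate content and violated our terms.</p>
<a href="https://constructed-sample.myjino[.]ru/form"><b>Go to craigslist.org</b></a>
<a href="https://www.craigslist.org/about/help">Help</a>
<a href="mailto:violations@craigslist.org">Contact</a>
"""

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element, including nested markup."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def host_of(href):
    # Refang "[.]" first: raw brackets make urlsplit treat the host as IPv6.
    return (urlsplit(href.replace("[.]", ".")).hostname or "").lower()

def in_domain(host, domain):
    # Exact match or true subdomain; "craigslist.org.evil.example" must not pass.
    return host == domain or host.endswith("." + domain)

def suspicious_links(html, expected_domain):
    """Return links whose real host is outside the domain the email claims to be from."""
    parser = AnchorCollector()
    parser.feed(html)
    brand = expected_domain.split(".")[0]
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        if host and not in_domain(host, expected_domain):
            findings.append({"host": host, "text": text,
                             "names_brand": brand in text.lower()})
    return findings
```

A finding with `names_brand` set means the visible text names the brand while the link leaves its domain, which is the mismatch the hover test exposes.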

Abusing legitimate hosting sites

If the victim tries to remedy the issue by following the instructions in the email and clicking the link in the body, they would be sent to a customized document, uploaded to Microsoft OneDrive. So, in this case, a legitimate hosting service was abused to host a malicious file.

The victims were then instructed to download that file, fill out the form, and return it to violations@craigslist.org.

Clicking the download button, the victim would get a compressed file named "form_1484004552-10012021.zip". Uncompressing it gets them a spreadsheet, with macros enabled, titled "form_1484004552-10012021.xls". This file was already flagged as malicious by multiple security vendors.

To add to the "legitimacy" of the document, the malicious actors also added logos of DocuSign, Norton and Microsoft. Running the malware in a sandbox environment, the researchers said it "created and modified" multiple files. The malware also tried to connect to an external server, in order to download additional components, or possibly exfiltrate data. However, attempts returned a "404 not found" error.


Source: https://www.techradar.com/news/hackers-are-abusing-a-craigslist-security-flaw-to-infect-devices
