I guess we can add WeTransfer, the newest file transfer program that I was made aware of, to the list of services that criminals are using to get their wares out.
https://we.tl/t-ZR52D6sDAm is a link to the last available technology podcast which was number 359 of that series. I had been meaning to record, but other things came up and of course the Security Box came up.
According to a recent article, there is a different type of link that the actors are using to get their wares out.
In the legitimate WeTransfer email, the sender matches what you’d get from WeTransfer. The subject line has the email address followed by "sent you files using WeTransfer."
The legitimate file transfer email will explain what the file is by giving you a description of the file, like you’ll see through the clickable link.
The link in this article will not be linked but it is: hxxps://wetransfer[.]com/downloads/52d55eeb42591d9ebbffe5326326858320210218183005/8b80cbbd9c1b8f7695b8de69e995ebee20210218183005/8c0cd5?utm_campaign=WT_email_tracking&utm_content=general&utm_medium=download_button&utm_source=notify_recipient_email and is a lot longer than the URL that is linked above.
The download button is on the web page of WeTransfer’s legitimate links, not on the link like you see here.
The other two domains used are box.com and Google Documents, just to add insult to injury. According to box.com, they’re a collaboration tool, and of course we know well about Google Documents, which has been used for things like this for many years.
ZLoader was known for being a banking trojan, but it seems now to be picking up where other malware families got dropped.
Want to learn more? Surge in ZLoader Attacks Observed is the article. It is written by PhishLabs’ Jessica Ellis. Do read the article, it is definitely worth the read, and thanks for listening and reading!
P.S. The link to podcast 359 linked here expires in one week.