Top document publishing services are being spoofed to send out malware
Hackers are always looking for new ways to bypass email security
Hackers have found yet another cloud-based service they can use to bypass email protection and land phishing emails straight into people’s inboxes.
Security researchers from Cisco Talos have reported observing malicious files built on digital document publishing (DDP) platforms, such as Publuu, Marq, FlipSnack, Issuu, FlippingBook, RelayTo and SimpleBooklet. These platforms allow users to create interactive flipbooks out of PDF files.
The hackers would create countless free trial accounts, and use them to generate flipbooks containing links to malicious landing pages. They then use the platforms to distribute the documents to their victims.
Malicious files with an expiration date
Since the emails would come from a legitimate, trusted source, most of them would make it past email security gateways and into people’s inboxes. Victims could also be inclined to open the documents, given the perceived trustworthiness of the sender.
"Hosting phishing lures on DDP sites increases the likelihood of a successful phishing attack, since these sites often have a favorable reputation, are unlikely to appear on web filter blocklists, and may instill a false sense of security in users who recognize them as familiar or legitimate," Cisco Talos researcher Craig Jackson said.
Another advantage of DDP sites lies in the fact that the files hosted there have an expiry date, and get deleted after some time. That makes analysis difficult, since by the time security researchers are notified, the files are already long gone.
The goal of the campaign, the researchers further explained, is to harvest Microsoft 365 credentials, as the links in the flipbook files usually lead to fake Microsoft 365 login pages.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Hackers abusing software-as-a-service (SaaS) to deliver phishing emails is nothing new. Even Google’s own productivity suite, Workspace, was abused, as Docs files, for example, can be shared with many recipients directly through the platform.
More from TechRadar Pro
- Microsoft Outlook bug let hackers bypass email security protections
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.