There’s a new phishing scam going around where hackers are disguising malware as WeTransfer links.
So if you get an email from an unknown person, sharing a ‘Proof of Payment’ document from WeTransfer, it’s most likely malware.
WeTransfer is a free file-sharing site used by several workers and businesses. Hackers have figured out a way to use it to get around security software that checks URLs in emails.
Cybersecurity researchers from Cofense have found that hackers are now distributing malware called Lampion using a misleading WeTransfer link, as reported by Bleeping Computer.
Lampion malware operators are reportedly sending these phishing emails using hacked business accounts, prompting receivers to download a ‘Proof of Payment’ file from WeTransfer.
The file the targets receive is a ZIP archive containing a VBS (Visual Basic Script) file that the victim needs to launch for the attack to begin.
Lampion is a known computer virus, capable of stealing sensitive data, such as banking information and passwords. The Lampion trojan has been around since at least 2019, focusing mainly on Spanish-speaking targets and using compromised servers to host its malicious ZIPs.
What makes this campaign more dangerous than other similar campaigns is the use of a legitimate file transfer service like WeTransfer, which makes it extremely difficult for email security systems to flag the messages as malicious.
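Since the link points at a legitimate service, one defensive check is to inspect the downloaded archive itself rather than the URL. The following is an added example, not code from Cofense or the original article: it lists script files inside a ZIP, including ZIPs nested inside it. The extensions other than .vbs, the depth and size limits, and the sample file names are assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: extensions treated as Windows script types; the article names only .vbs.
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta"}
MAX_DEPTH = 3                        # assumption: how far to follow nested archives
MAX_NESTED_BYTES = 20 * 1024 * 1024  # assumption: skip oversized nested archives


def find_script_members(data: bytes, depth: int = 0, prefix: str = "") -> list[str]:
    """Return paths of script files inside a ZIP, descending into nested ZIPs."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a readable ZIP: nothing to report
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            # Only the final extension decides how Windows opens the file,
            # so "name.pdf.vbs" is checked as ".vbs".
            suffix = PurePosixPath(info.filename.lower()).suffix
            if suffix in SCRIPT_EXTENSIONS:
                hits.append(path)
            elif (suffix == ".zip" and depth < MAX_DEPTH
                  and info.file_size <= MAX_NESTED_BYTES):
                try:
                    nested = archive.read(info)
                except RuntimeError:
                    continue  # encrypted member: cannot be inspected here
                hits += find_script_members(nested, depth + 1, path + "!")
    return hits


def build_sample_zip(members: dict[str, bytes]) -> bytes:
    """Build a constructed test archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: placeholder contents, hypothetical file names.
    inner = build_sample_zip({"Proof of Payment.pdf.vbs": b"' placeholder"})
    outer = build_sample_zip({"readme.txt": b"hello", "docs/payment.zip": inner})
    print(find_script_members(outer))
```

A password-protected archive cannot be inspected this way, so a mail or download gateway would need a separate policy for encrypted ZIPs.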
The hackers are also abusing Amazon Web Services (AWS) to operate the Lampion malware.
Email is still one of the best ways to distribute viruses, malware, or ransomware, despite the fact that email protection tools have gotten better over the years.
What is phishing?
Phishing is a type of cyber attack often used to steal user data, including login credentials and credit card numbers.
It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.