Monday, September 26, 2022
Home Tech News Hackers are using WeTransfer links to spread malware

Hackers are using WeTransfer links to spread malware

Lampion is a known computer virus, capable of stealing sensitive data, such as banking information and passwords (Picture: Unsplash)

There’s a new phishing scam going around where hackers are disguising malware as WeTransfer links.

So if you get an email from an unknown person, sharing a ‘Proof of Payment’ document from WeTransfer, it’s most likely malware. 

WeTransfer is a free file-sharing site used by several workers and businesses. Hackers have figured out a way to use this to get around security software that detects URLs in emails.

Cybersecurity researchers from Cofense have found that hackers are now distributing a malware called Lampion using a misleading WeTransfer link as reported by Bleeping Computer.

Lampion malware operators are reportedly sending these phishing emails using hacked business accounts, prompting receivers to download a ‘Proof of Payment’ file from WeTransfer.

Computer code

There’s a new phishing scam going around where hackers are disguising malware as WeTransfer links (Picture: Unsplash)

The file the targets receive is a ZIP archive containing a VBS (Virtual Basic script) file the victim needs to launch for the attack to begin.

Lampion is a known computer virus, capable of stealing sensitive data, such as banking information and passwords. The Lampion trojan has been around since at least 2019, focusing mainly on Spanish-speaking targets and using compromised servers to host its malicious ZIPs.

What makes this campaign more dangerous than other, similar campaigns, is the use of a legitimate file transfer service like WeTransfer, making it extremely difficult for email security systems to flag as malicious.

The hackers are also abusing Amazon Web Services (AWS) to operate the Lampion malware. 

Email is still one of the best ways to distribute viruses, malware, or ransomware, despite the fact that email protection tools have gotten better over the years.



What is phishing?

Phishing is a type of cyber attack often used to steal user data, including login credentials and credit card numbers.

It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.


MORE : Hackers are using the James Webb Telescope’s first image to push malware


MORE : Hackers are getting into Microsoft Teams to spread malware

- Advertisment -

Most Popular

Hundreds rally in support of Iranian protests and the late Mahsa Amini in Vancouver

A large gathering of rally attendees descended on Vancouver’s Art Gallery on Sunday. Hundreds went to the popular location for protests and public press conferences...

Week 38 in review: Asus ROG Phone 6D announced, Pixel 7 series pre-order date confirmed

Welcome to our recap of the biggest headlines from week 38. The Apple iPhone 14 fever is still here – we saw the regular iPhone...

Content+Cloud appoints Geoff Kneen as new CEO as Peter Sweetbaum joins parent company, the Advania Group

Sweetbaum will support Advania Group’s pan-European growth ambitions as Head of New Markets Content+Cloud today announced that Geoff Kneen will become CEO and that Peter...