Author: Nathan Toporek
On 20 September, Infoblox observed a malicious spam (malspam) campaign delivering a malicious HTML file capable of phishing for credentials. While threat actor(s) used generic lures in their emails, the HTML file specifically targeted WeTransfer, a file-sharing service.
Threat actors used a malicious HTML file in this campaign that is not related to any family of malware that Infoblox is aware of. The file harvests and exfiltrates WeTransfer credentials.
In this campaign, threat actors sent victims an email with a subject of Request for Quotation-Urgent!!!. While the message body was empty, the email did include an HTML file attachment named order – Copy.html.
Infoblox’s full report on this campaign will be available soon on our Threat Intelligence Reports page.