A newly detected wave of spam emails is bypassing transport layers and landing in mailboxes, Vade Secure researchers report.
This campaign sent 300,000 spam messages to a single customer in one day and has been seen in France, Italy, Denmark, and the United States. Researchers suspect the attackers are using a tool called Email Appender, which is available on the Dark Web and can be used to connect with compromised email accounts via IMAP.
Email Appender, first reported in October, lets attackers validate compromised email credentials they steal or buy on the Dark Web. They can use the tool to configure a proxy to avoid IP detection, draft a malicious email, and deliver spam straight into a user's account. Attackers can customize their malicious emails to include the display name of the sender's address and provide a reply-to address.
Researchers say this incident is being addressed by shutting down compromised accounts and resetting affected credentials. They note while this incident mostly delivers spam, it's a sign attackers are practicing the new technique before using it to distribute phishing and malware campaigns.
Read Vade Secure's blog for more details.