Originally posted on ZDNet by Liam Tung

Criminals spread malware using website contact forms with Google URLs

Microsoft is warning businesses to beware of cyber criminals using company website contact forms to deliver the IcedID info-stealing banking trojan to employees in emails containing Google URLs.

Company website ‘contact us’ forms are an open doorway on the internet and criminals have recently started using them to reach workers who receive contact requests from the public.

A notable feature of the attack is that the crooks are using the contact forms to send employees legitimate Google URLs that require users to sign in with their Google username and password.

Microsoft considered the threat serious enough to report the attacks to Google’s security teams to warn them that cyber criminals are using legitimate Google URLs to deliver malware. The Google URLs are useful to the attackers because they will bypass email security filters. The attackers appear to have also bypassed CAPTCHA challenges that are used to test whether the contact submission is from a human.

“Attackers are abusing legitimate infrastructure, such as websites’ contact forms, to bypass protections, making this threat highly evasive. In addition, attackers use legitimate URLs, in this case Google URLs that require targets to sign in with their Google credentials,” the Microsoft 365 Defender Threat Intelligence Team notes.
