Craigslist is Latest Malware Victim

October 28, 2021 1:38 pm

This month, the Craigslist internal email system was hijacked and used to send users convincing messages that deliver malware. The messages come from an authentic Craigslist IP address and state that the user's post was flagged for inappropriate content. The message then gives false directions on what the user must do to avoid having their account deleted.

It has been discovered that the email's HTML was manipulated so that it linked to a document hosted on a Microsoft OneDrive page, and that document carried the malware download link. This customized page impersonated typically trusted brands such as DocuSign, Norton and Microsoft. That is why it was able to get through standard email authentication so easily.

The email read: “Our platform’s content publishing policy explicitly prohibits inappropriate content, your ad has received many red flags.  A more detailed description of the problem is available in this form. It will be available 24 hours.”

Clicking on the "form" brought users to a Microsoft OneDrive document. The email's HTML was manipulated so that the "form" button linked to OneDrive. Once the button was clicked, a .ZIP file download began, and that archive delivers the malware.

As always, it is advised to be on the lookout for these types of attacks, whether you use Craigslist or not. Two things to check are whether the domain is unrecognizable, which you can see by hovering over the link, and whether two unrelated platforms are being mixed. For example, you wouldn't upload a document to OneDrive to resolve an issue on Craigslist.
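The "hover over the link" check can be automated for a mail gateway or a helpdesk triage script. The example below is added here and is not code from the original post or from Craigslist: it parses the links in an HTML email body and flags any whose host lies outside the sender's domain (assumed here to be `craigslist.org`), using a constructed message modelled on the quoted text rather than the real email.

```python
"""Flag links in an HTML email whose host is outside the sending organisation's domain."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None  # [href, accumulated text] while inside an <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def host_in_domain(host, domain):
    """True if host equals domain or is a subdomain of it (suffix match on a label boundary)."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def suspicious_links(html, sender_domain):
    """Return (href, link text, reason) for each link pointing outside sender_domain."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if not host_in_domain(host, sender_domain):
            findings.append((href, text, f"host {host!r} is outside {sender_domain}"))
    return findings


# Constructed sample resembling the quoted message; the file-sharing URL is a placeholder.
SAMPLE_EMAIL = """
<p>Our platform's content publishing policy explicitly prohibits inappropriate
content, your ad has received many red flags. A more detailed description of the
problem is available in <a href="https://onedrive.example.com/form-download">this form</a>.
It will be available 24 hours.</p>
<p><a href="https://www.craigslist.org/about/help">Help</a></p>
"""

if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_EMAIL, "craigslist.org"):
        print(f"[!] '{text}' -> {href}: {reason}")
```

The same mismatch check can be run against the `From` domain of any inbound message; a legitimate Craigslist notice would only link back to Craigslist itself.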

