The email marketing service has responded after compromised accounts spread malicious software to users
MailChimp is “working full-time” to stop users’ accounts from being compromised to aid the spreading of malware, the company said.
As previously reported in The Daily Swig, users of the marketing service have been targeted in recent months by malicious phishing emails sent via the service.
These emails, when opened, contained either malicious links or attachments which downloaded malware onto the receiver’s device.
Almost every computer user these days knows not to click on anything sent from a suspicious email address.
But this latest attack is fooling both the receivers and authentication checks.
By hacking into MailChimp’s networks, attackers are posing as legitimate companies to send the spam.
This means a mail user could open an email which appears to be from a client and unwittingly fall victim to the scam.
Last month, infosec blog My Online Security reported that MailChimp subscribers were receiving suspicious emails from a legitimate company called Oxfordshire Sage Support.
It appeared to be an invoice, but a link in the body of the email contained a malicious JavaScript file, which downloaded the Gootkit banking trojan onto users’ devices.
This malware aims to steal the user’s passwords and financial information, including bank and PayPal details.
MailChimp has so far remained coy on the subject until today, when it told The Register it has a team dedicated to stamping out these kind of attacks.
A spokesperson said: “We are taking it very seriously that our platform is being used in this way. While we can’t comment on specific security initiatives, we can tell you that a team is working full time to investigate and address the issue as quickly as possible.
“We are also working to educate impacted users around two-factor authentication and other account security measures. We expect to see an improvement soon.”
