It exploits company certificates to sign the executable and deceive the antivirus. The malware infection chain is activated by the attachment.
Cybercrime targets WeTransfer to steal credentials from victims. The bait is a fake order
Cybercrime is using WeTransfer as bait for a phishing campaign all over the world. In recent days, many users have received emails, theoretically coming from the online file transfer service, warning the potential victim that they have received a document. In the text, an unknown sender specifies in English that the files were sent following a conversation with a colleague of the target and that they concern the new order. The recipient is also invited to open the attachments, as they contain technical details. Obviously, it’s a scam. Cyber security experts warn that the link leads to a fake WeTransfer page, which asks for a username and password. The goal, in fact, is to steal the access credentials to the service and then use them fraudulently later.
Cyber Security Experts: The phishing campaign is built quite well, but the fake WeTransfer page is already detected as malicious
The phishing campaign is built quite well. The text is in correct English, except for a grammatical error at the end. Furthermore, the email comes “theoretically” from WeTransfer. Cyber security experts warn, however, that in all likelihood it has been “spoofed”. On the other hand, common browsers and antiviruses block the fake page, a sign that it has allegedly already been reported. Moreover, the file transfer service had been used in the past by cybercrime to hit targets. In Italy, CERT-PA reported in 2018 a phishing campaign, perpetrated against government bodies, which presented itself on behalf of an ICE employee. The email was actually sent through WeTransfer.