Hackers have found yet another cloud-based service they can use to bypass email protection and land phishing emails straight into people’s inboxes.
Security researchers from Cisco Talos have reported observing malicious files built on digital document publishing (DDP) platforms, such as Publuu, Marq, FlipSnack, Issuu, FlippingBook, RelayTo and SimpleBooklet. These platforms allow users to create interactive flipbooks out of PDF files.
The hackers would create countless free trial accounts, and use them to generate flipbooks containing links to malicious landing pages. They then use the platforms to distribute the documents to their victims.
Malicious files with an expiration date
Since the emails would come from a legitimate, trusted source, most of them would make it past email…
Source link