DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

“Email Appender” Implants Malicious Emails Directly Into Mailboxes

Posted on November 12, 2020 by Dissent

As if we didn’t have enough breaches that start by compromising an employee’s email account, now there’s more to worry about. Imagine that despite training your employees to be careful, and despite using updated AV or other software to detect nasties, a threat actor could deliver malware-laden emails directly into your employees’ inboxes. Will employees be more likely to open emails that have seeming passed through security checks and that are properly addressed in the from: and reply-to fields? I would guess that they would.

Researchers at Gemini Advisory released a new report today on what a threat actor calls an “Email Appender.”  As Gemini describes it, this tool poses a significant risk to both individuals and businesses because “it raises the success rate of malware attacks, allows for more sophisticated phishing and business email compromise (BEC) campaigns, and opens the door for simplistic ransomware-like attacks.”

The Email Appender is not this threat actor’s first offering. Gemini notes that there was a previous version in 2019 that was a simpler email spam service called “GetMailer Pro.”

Details of how Email Appender works are provided in the full report, but it is worth noting that it all begins with the threat actor being able to get working login credentials. And we know that password reuse continues to be a major problem and that combo lists are a dime a dozen these days. Does that suggest one line of prevention to you? Gemini also notes:

Furthermore, email platforms typically monitor the IP addresses of users attempting to connect to an account via IMAP to prevent unauthorized or unusual activity. To overcome this security precaution, Email Appender can be configured to use SOCK proxies, which allow attackers to set their IP address to a location that they believe will deceive email platform security. To make matters worse, Email Appender also comes pre-packaged with 10,000 IMAP server configurations that can be updated as needed, and the software can analyze victims’ email addresses to identify which server connection should be used.

Read more on Gemini Advisory for technical details, potential impact, and what entities can do to protect from this type of attack, such as deploying multifactor authentication (MFA).

Related posts:

  • Ransomware – The New (Too-High) Cost of Doing Business
  • Breached Online Ordering Platforms Expose Hundreds of Restaurants
  • “Keeper” Magecart Group Infects 570 Sites — Gemini Advisory Researchers
Category: Breach IncidentsCommentaries and AnalysesMalwarePhishing

Post navigation

← Pell City notifies residents of vendor breach
AU: Newcastle Grammar School Targeted In Cyber Attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.