Malspam: A simple and traditional attack technique that continues to be favorite among bad actors

• Malspam is basically a spam email that delivers contains infected attachments, phishing messages or malicious URLs to deceive users.
• It is considered to be one of the favorite malware delivery channels for the attackers.

Malspam, also known as malicious spam or malware spam, is one of the preferred attack vectors for malicious actors. It is considered to be one of the favorite malware delivery channels for the attackers.

What is malspam?

Malspam is basically a spam email that delivers malware. Such emails contain infected attachments, phishing messages or malicious URLs to deceive users. It can be used to deliver a variety of malware including ransomware, trojans, bots, info-stealer, cryptominers, spyware and keyloggers.

How is it executed?

A successful malspam attack is launched by using an obfuscation technique to get through the installed security product’s spam email filters such that the malicious attachment is opened by the user.

To accomplish the second task, attackers use social engineering techniques to make their malicious email look attractive or legitimate.

Examples

• TA505 threat actor group leveraged massive malspam campaigns to distribute FlawedAmmy RAT in in 2018. The malware delivered through PDF attachments.
• The technique was used in a recent ‘Love You’ malspam campaign to target Japan and spread GandCrab 5.1. The malware was distributed through ZIP files masquerading as image files.
• Malspam campaign was also used to propagate a new malware named Marap in 2018. The malware strain was distributed in different ways such as through .IQY files, PDF documents with embedded IQY files, password-protected ZIP archives, and the classic Word docs with embedded macros.

Apart from this, the attackers have also used the technique AZORult trojan & Hermes 2.1 ransomware, Lokibot, DarkComet RAT and Danbot.

How to stay safe?

The following are some red flags to spot malicious emails:

• Check if the address matches with the name of the sender and whether the domain of the company is correct. A close look at the display names can help you know if the received email is legitimate or not;
• Always hover first over the links in the link before clicking on it. This gives an idea about the destination of the URL;
• Check for spelling mistakes in the body of the email. This is a telltale sign to identify a spam email;
• Never fall for the offers/discounts announced in the email. Always check the same by visiting the official site.