Keyloggers Turn to Zoho Office Suite in Droves for Data Exfiltration


An extremely high number of keylogger phishing campaigns have been seen tied to the Zoho online office suite software; in an analysis, a full 40 percent spotted in the last month used a zoho.com or zoho.eu email address to exfiltrate data from victim machines.

A Cofense analysis, published Tuesday, of popular keylogging malware – which records user imputs in real-time to find passwords and other information – found that cybercriminals are abusing Zoho in two ways. One is by creating bogus, free accounts, and using these to receive emails from their malware containing the stolen data from the keylogger. Secondly, attackers in some cases are using stolen accounts to facilitate this same data exfiltration.

Read more…
Source: ThreatPost