Hackers Using Google “Contact Us” To Infect Systems

The Microsoft 365 Defender Threat Intelligence Team recently issued a dire warning that every IT professional should take seriously.
The Threat Team discovered an emerging threat in the form of hackers utilizing legitimate “Contact Us” forms associated with Google websites to distribute malware to unsuspecting site visitors.
Because the website is legitimate, the attack almost always bypasses email security filters and sometimes passes CAPTCHA challenges, which is what makes it a threat.
Right now, the hackers are using this novel Google “Contact Us” attack vector primarily to infect users with the IcedID info-stealing banking Trojan. However, as the team notes, there’s no particular reason that hackers using Google “Contact Us” forms couldn’t shift gears at any moment and start infecting people with something even more directly damaging to target systems.
The Redmond giant thought that the threat of hackers using Google “Contact Us” forms was dire enough to reach out to Google and warn them directly. Although Google is now aware, there has not yet been any word about what Google will do to keep it from happening or when that might happen.
For now, be aware that if any of your employees get an email that appears to be from Google sending a legitimate-looking Google “Contact Us” form, it may well be a ploy designed by hackers to infect the recipient’s system. The hackers can then start stealing all manner of information, starting with the recipient’s Google login credentials.
It’s proof positive that no company, no matter how large and no matter how elaborate its security measures, is immune. As mentioned above, by leveraging the legitimate URLs of a trusted company that serves as one of the cornerstones of the web itself, there’s no limit to the amount of damage the hackers could potentially do, especially if the message looks like a legitimate “Contact Us” form.
As ever, vigilance is the best defense. Stay on your guard and impress upon your employees that they are not safe.