MailChimp Abused in Spam Campaigns Distributing Malware
The MailChimp email service has reportedly been abused repeatedly to deliver spam messages carrying malware. Security researchers are frustrated because the problem has persisted for quite some time.
The issue needs to be resolved as soon as possible: MailChimp is a widely used service that delivers newsletters, bulletins, and even invoices and order confirmations to users and customers. Malicious spam sent through MailChimp’s network is particularly alarming because it tends to pass email authentication checks such as SPF and DKIM, since it originates from MailChimp’s own sending infrastructure rather than from an attacker’s server.
On top of that, email providers typically whitelist MailChimp because of the nature of the service. All of this means that suspicious, potentially malicious messages distributed via MailChimp are highly likely to be delivered to and opened by recipients.
What exactly has been happening? Attackers have been gaining access to MailChimp’s sending network and using it to send fake invoices and emails laden with malware. This was documented in a post by the security blogger known as My Online Security:
A lot of mail providers actually whitelist Mailchimp by default, because it has become almost the default service for sending newsletters, information bulletins and in many cases Company Invoices and Order Confirmations. Mailchimp use so many different sending email servers that it is almost impossible to keep up with them. The main ones we see frequently are *.rsgsv.net | *.mcsv.net | *.mcdlv.net.
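The point made above is easy to get wrong in a mail filter: an SPF or DKIM "pass" on mail relayed through MailChimp vouches for the relay or for the domain that signed the message, not for the brand the recipient sees in the From header, and whitelisting the relay suffixes listed in the quote turns that into a free pass. The following Python is an added example, not code from the article, from My Online Security or from MailChimp. It parses constructed sample headers, flags mail that arrived through the listed sending hosts, checks whether the identities that passed SPF/DKIM align with the From domain, and applies a crude display-name lure heuristic for the compromised-account case the article describes. The receiving host mx.example.net, the sample domains and the message bodies are all constructed for the example.

```python
"""Header triage for mail relayed through MailChimp sending hosts.

Added example, not code from the article or from MailChimp. It flags mail
that arrived via the hosts the post lists and checks whether the SPF/DKIM
identities that passed actually cover the From domain the recipient sees.
Every sample header below is constructed for the example.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Sending-host suffixes quoted in the post.
MAILCHIMP_RELAY_SUFFIXES = (".rsgsv.net", ".mcsv.net", ".mcdlv.net")
_RECEIVED_FROM = re.compile(r"\bfrom\s+(\S+)", re.I)
_SPF = re.compile(r"\bspf=(\w+)\s+smtp\.mailfrom=([^\s;]+)", re.I)
_DKIM = re.compile(r"\bdkim=(\w+)[^;]*?header\.d=([^\s;]+)", re.I)


def is_mailchimp_host(host):
    return host.lower().rstrip(".").endswith(MAILCHIMP_RELAY_SUFFIXES)


def org_aligned(from_domain, auth_domain):
    """Simplified DMARC relaxed alignment: equal, or one is a subdomain of the
    other. Real DMARC uses the public suffix list; this suffices here."""
    f, a = from_domain.lower(), auth_domain.lower()
    return f == a or f.endswith("." + a) or a.endswith("." + f)


def display_name_mismatch(display_name, from_domain):
    """Crude lure heuristic: no word of the display name occurs in the From
    domain ("Apple Support" vs example-label.com). Noisy in real traffic."""
    words = re.findall(r"[a-z]{3,}", display_name.lower())
    flat = re.sub(r"[^a-z]", "", from_domain.lower())
    return bool(words) and not any(w in flat for w in words)


def triage(raw_message):
    msg = message_from_string(raw_message)
    hops = _RECEIVED_FROM.findall(" ".join(msg.get_all("Received", [])))
    via_mailchimp = any(is_mailchimp_host(h) for h in hops)

    # Identities that passed SPF/DKIM, as reported by the receiving MX.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    passed = [m.rpartition("@")[2].lower() for r, m in _SPF.findall(auth) if r.lower() == "pass"]
    passed += [d.lower() for r, d in _DKIM.findall(auth) if r.lower() == "pass"]

    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    aligned = any(org_aligned(from_domain, d) for d in passed)
    mismatch = display_name_mismatch(name, from_domain)

    if not via_mailchimp:
        verdict = "not relayed via MailChimp hosts"
    elif not aligned:
        verdict = "pass vouches for the relay (%s), not for the From domain" % ", ".join(passed)
    elif mismatch:
        verdict = "From domain authenticated, but the display name brand does not match it"
    else:
        verdict = "From domain authenticated; this says nothing about the content"
    return {"via_mailchimp": via_mailchimp, "from_domain": from_domain,
            "passed_identities": passed, "aligned": aligned,
            "display_name_mismatch": mismatch, "verdict": verdict}


# Constructed samples. 1: ordinary newsletter from an authenticated customer
# domain. 2: the same account sending an Apple-themed lure (the compromised-
# account case in the article). 3: a From domain nobody authenticated.
SAMPLE_LEGIT = """\
Received: from mail123.atl21.rsgsv.net (mail123.atl21.rsgsv.net [198.51.100.10])
 by mx.example.net with ESMTPS; Tue, 17 Apr 2018 10:00:00 +0000
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce.mcsv.net;
 dkim=pass header.d=example-label.com
From: "Example Label" <news@example-label.com>
Subject: New single out now

Constructed body.
"""
SAMPLE_HIJACKED = SAMPLE_LEGIT.replace('"Example Label" <news@example-label.com>',
                                       '"Apple Support" <news@example-label.com>')
SAMPLE_UNALIGNED = SAMPLE_LEGIT.replace("header.d=example-label.com", "header.d=mcsv.net").replace(
    '"Example Label" <news@example-label.com>', '"Apple Support" <no-reply@apple-id.example.org>')

if __name__ == "__main__":
    for label, raw in (("legit", SAMPLE_LEGIT), ("hijacked", SAMPLE_HIJACKED),
                       ("unaligned", SAMPLE_UNALIGNED)):
        print(label, triage(raw)["verdict"])
```

The second sample is the instructive one: a compromised customer account sends from its own authenticated domain, so SPF, DKIM and alignment all pass and only the lure in the display name and body gives it away. A relay-suffix whitelist would accept all three samples; treating "pass" as evidence about the sender's intent rather than about the signing domain is the mistake the quote above describes.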
In one particular case, Red Bull Records’ MailChimp account was compromised and abused to distribute an Apple-themed phishing email.
“It is unclear how spammers managed to gain access to MailChimp’s systems; possibilities range from a vulnerable third-party plug-in that integrates into MailChimp, to a vulnerability in MailChimp itself, or customer credentials being stolen through a phishing attack,” Martijn Grooten, editor of industry journal Virus Bulletin explained in a blog post.
According to security researcher Kevin Beaumont, the network has been abused to distribute the GootKit banking malware for four months.
What Is MailChimp Doing to Address the Issue?
The IT news site The Register contacted MailChimp, and the company acknowledged the issue in a statement:
We are taking it very seriously that our platform is being used in this way. While we can’t comment on specific security initiatives, we can tell you that a team is working full time to investigate and address the issue as quickly as possible.
We are also working to educate impacted users around two-factor authentication and other account security measures. We expect to see an improvement soon.
For now, users are advised to lock down their MailChimp accounts by enabling two-factor authentication. Note that two-factor authentication only addresses the stolen-credentials scenario; if the access came through a vulnerable third-party integration or a flaw in MailChimp itself, two of the possibilities Grooten raised, it would not have helped.