
MailChimp Abused to Deliver GootKit Banking Malware for 4 Months

Apparently, the MailChimp email service has been repeatedly abused to deliver spam messages carrying malware. Security researchers are frustrated because the problem has been going on for quite some time.

MailChimp Abused in Spam Campaigns Distributing Malware

The issue needs to be resolved as soon as possible, as MailChimp is a widely used service that delivers newsletters, bulletins, and even invoices and order confirmations to users and customers. Malware-laden spam messages sent through MailChimp’s network are particularly alarming because they tend to pass email authentication checks.


Not to mention that email providers typically whitelist MailChimp because of the nature of the service. All of this means that suspicious, potentially malicious messages distributed via MailChimp are highly likely to reach recipients and be opened.

What exactly has been happening? Attackers have been gaining access to MailChimp’s network and sending fake invoices and emails laden with malware. This became evident from a post by the security blogger known as My Online Security:

A lot of mail providers actually whitelist Mailchimp by default, because it has become almost the default service for sending newsletters, information bulletins and in many cases Company Invoices and Order Confirmations. Mailchimp use so many different sending email servers that it is almost impossible to keep up with them. The main ones we see frequently are *.rsgsv.net | *.mcsv.net | *.mcdlv.net.
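To make the point above concrete: a message relayed through these hosts passes SPF/DKIM because it genuinely came from MailChimp, which says nothing about its content. The script below is an added example, not code from the article, the blogger, or MailChimp. It builds two constructed sample messages with constructed headers (a plain newsletter and a fake invoice carrying an archive), recognises the MailChimp relay from the domain list quoted above, and holds for review any such mail that carries an executable or archive attachment, regardless of the authentication verdict. The relay hostname and IP, the sender addresses, the attachment content and the list of risky file extensions are all assumptions made for the example.

```python
import re
from email import message_from_string
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Relay domains quoted in the article as MailChimp sending infrastructure.
MAILCHIMP_RELAY_SUFFIXES = (".rsgsv.net", ".mcsv.net", ".mcdlv.net")

# Attachment types a newsletter platform should not normally deliver (assumption).
RISKY_EXTENSIONS = (".js", ".vbs", ".exe", ".scr", ".zip", ".doc", ".docm", ".xls", ".xlsm")


def relay_hosts(msg):
    """Return the 'from <host>' hostnames found in Received: headers."""
    hosts = []
    for received in msg.get_all("Received", []):
        match = re.search(r"from\s+([A-Za-z0-9.-]+)", received)
        if match:
            hosts.append(match.group(1).lower())
    return hosts


def via_mailchimp(msg):
    """True if any relay hop is one of the MailChimp sending domains."""
    return any(host.endswith(MAILCHIMP_RELAY_SUFFIXES) for host in relay_hosts(msg))


def auth_passed(msg):
    """True if the receiving MTA recorded spf=pass or dkim=pass."""
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return "spf=pass" in results or "dkim=pass" in results


def risky_attachments(msg):
    """Filenames of attachments whose extension is on the risky list."""
    names = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(RISKY_EXTENSIONS):
            names.append(filename)
    return names


def triage(raw_message):
    """Decide whether a message needs analyst review despite passing authentication."""
    msg = message_from_string(raw_message)
    verdict = {
        "via_mailchimp": via_mailchimp(msg),
        "auth_passed": auth_passed(msg),
        "risky_attachments": risky_attachments(msg),
    }
    # A passing SPF/DKIM result on a whitelisted relay proves the mail came
    # from MailChimp, not that it is safe: hold relay mail with risky payloads.
    verdict["hold_for_review"] = verdict["via_mailchimp"] and bool(verdict["risky_attachments"])
    return verdict


def build_sample(subject, attachment_name=None):
    """Construct a sample message that looks as if it traversed a MailChimp relay.

    Every header value here is constructed for the example; only the relay
    domain suffixes come from the article.
    """
    outer = MIMEMultipart()
    outer["From"] = "Accounts <accounts@example-sender.test>"
    outer["To"] = "recipient@example.org"
    outer["Subject"] = subject
    outer["Received"] = ("from mail42.rsgsv.net (mail42.rsgsv.net [203.0.113.42]) "
                         "by mx.example.org with ESMTPS")
    outer["Authentication-Results"] = ("mx.example.org; spf=pass smtp.mailfrom=bounce.mcsv.net; "
                                       "dkim=pass header.d=example-sender.test")
    outer.attach(MIMEText("Please find your invoice attached.", "plain"))
    if attachment_name:
        # Placeholder bytes stand in for the archive a real lure would carry.
        part = MIMEApplication(b"constructed placeholder content", Name=attachment_name)
        part["Content-Disposition"] = 'attachment; filename="%s"' % attachment_name
        outer.attach(part)
    return outer.as_string()


if __name__ == "__main__":
    for subject, attachment in (("Monthly newsletter", None), ("Invoice 1234", "invoice_1234.zip")):
        print(subject, triage(build_sample(subject, attachment)))
```

Both samples pass authentication and both come through the same relay; only the attachment distinguishes them, which is exactly the signal a whitelist based purely on sender infrastructure throws away.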

In one particular case, Red Bull Records’ MailChimp account was compromised and abused to distribute an Apple-themed phishing email.

“It is unclear how spammers managed to gain access to MailChimp’s systems; possibilities range from a vulnerable third-party plug-in that integrates into MailChimp, to a vulnerability in MailChimp itself, or customer credentials being stolen through a phishing attack,” Martijn Grooten, editor of the industry journal Virus Bulletin, explained in a blog post.

Apparently, according to security researcher Kevin Beaumont, the network has been abused to distribute GootKit banking malware for four whole months.


What Is MailChimp Doing to Address the Issue?

Interestingly, the popular IT website The Register contacted MailChimp, which appears to have acknowledged the issue:

We are taking it very seriously that our platform is being used in this way. While we can’t comment on specific security initiatives, we can tell you that a team is working full time to investigate and address the issue as quickly as possible.

We are also working to educate impacted users around two-factor authentication and other account security measures. We expect to see an improvement soon.

For now, users are advised to lock down their MailChimp accounts by applying two-factor authentication.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
