Have you heard of MailChimp? If not, there is a good chance that you will see the name at the bottom of an email at some point. Perhaps you have just missed it. On its website MailChimp says it’s “the world’s largest marketing automation platform. It’s like a second brain that helps millions of customers…” I don’t know about it replacing my brain, but it certainly does allow organizations to send out email blasts in an efficient way directly to their customers. Lately, researchers are seeing an increasing number of compromised MailChimp accounts being used for spam email campaigns.

In these cases, the email subjects are often disguised to appear to be invoice notifications or some other type of correspondence from a vendor. Inside the message is a link that will send users to a malicious .zip attachment.

Again, any time you receive email with a link or attachment, or a link to an attachment, eyeball it with suspicion. This is especially true if you are not expecting it or if it’s from an unfamiliar sender. Even if you do have contacts that would send you an invoice, if you’re not expecting an invoice, definitely beware. It just takes a few seconds of your time to confirm if it’s authentic. Pick up the phone and place a call, pay a personal visit, or send a completely new email or text (as opposed to replying).

For those who use MailChimp for marketing, it’s a good idea to change the passwords for the accounts. In addition, enable two-factor authentication (2FA). This will require a second method of authentication to be completed before access is given.

In this recent campaign, it appears the malware being unleashed is the key-logging, screen-recording, and information-stealing banking Trojan called Gootkit. The researcher who has been following this closely has seen the frequency increase to a nearly daily occurrence.

The subject lines and bodies of the emails do change a little. It just shows that the criminals are always changing up their strategies to keep everyone on their collective toes. So, it is always important to keep the guard up when it comes to spotting phishing attempts.

Using MailChimp is quite clever for spammers. In fact, it's been used in the past. After all, the idea of phishing is to get as many emails in front of as many viewers as possible. By using a well-known mail campaign product, they can bypass spam filters and get into the inboxes of those who may open them.
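Because these messages arrive through a reputable bulk-mail service, a mail gateway or triage script has to judge the content rather than the sender. The sketch below is an added example, not code from the researchers or from MailChimp: it flags a message that combines an invoice-style subject with a link whose path ends in .zip, the pattern described above. The keyword list, function names and sample messages are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Assumed keyword list; the campaign's subjects vary, so tune this locally.
INVOICE_WORDS = re.compile(r"\b(invoice|payment|statement|receipt)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def zip_links(msg):
    """Return http(s) URLs found in text parts whose path ends in .zip."""
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and binary attachments
        for url in URL_RE.findall(part.get_content()):
            url = url.rstrip(".,;)")  # drop trailing sentence punctuation
            # Check the path only, so "?id=7" style queries do not hide it.
            if urlsplit(url).path.lower().endswith(".zip"):
                hits.append(url)
    return hits

def triage(raw):
    """Flag a raw RFC 5322 message showing both indicators together."""
    msg = message_from_string(raw, policy=default)
    invoice = bool(INVOICE_WORDS.search(str(msg.get("Subject", ""))))
    links = zip_links(msg)
    return {"invoice_subject": invoice, "zip_links": links,
            "flag": invoice and bool(links)}

# Constructed sample messages (not taken from the real campaign).
SUSPECT = (
    "From: Billing <billing@vendor.example>\n"
    "Subject: Invoice 1042 attached\n"
    "Content-Type: text/plain\n\n"
    "Please review: https://files.example.invalid/docs/INV-1042.zip?id=7.\n"
)
BENIGN = (
    "From: News <news@vendor.example>\n"
    "Subject: Our spring newsletter\n\n"
    "Read more at https://vendor.example/blog/spring\n"
)

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(raw))
```

A flagged message is a candidate for quarantine or manual review, not proof of malice, since legitimate vendors also send invoices and archives.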