07 Oct Hackers Intercept Email Communications Using FreeMilk
Palo Alto Networks Unit 42 researchers recently uncovered a campaign that uses malware called FreeMilk to hijack email conversations with phishing messages designed to spread malware into corporate networks.
The FreeMilk phishing attack uses the CVE-2017-0199 remote code execution flaw to take control of a system via stolen credentials. The attacker then intercepts an ongoing conversation and tricks the target into installing the malware. Two payloads, PoohMilk and Freenki, are then downloaded and installed on the system.
FreeMilk has already been used to infiltrate networks belonging to a Middle Eastern bank and a number of European intellectual services firms.