Compromised Yahoo! Accounts Used to Spread Android Trojan

Over the last several days, weeks really for some, people have noticed an uptick in the amount of spam coming from compromised Yahoo accounts. SecurityWeek staff has witnessed this uptick in spam as well. But this spam run is designed to spread malware to Android devices, so it’s likely not as simple as a weak password issue.

Compromised email accounts, on services such as AOL, Yahoo, Hotmail (before it was Outlook), and Gmail have been used to spread spam for years. Often, someone has their account hijacked and an email is delivered to their entire address book requesting that the recipients follow a link somewhere. Mostly, those types of messages are pharmaceutical-based (‘Buy these pills now with no RX needed’), but some have been known to push malware that helps compromise additional email accounts.

This latest Yahoo-based spam campaign is similar. Visit the spammed link via a PC and you’ll see health-product related spam. However, access the link on an Android device, and you’re getting hit with the “NotCompatible Trojan”.

According to Android-based security vendor Lookout:

“NotCompatible is a new Android Trojan that appears to serve as a simple TCP relay / proxy while posing as a system update. This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy.”

This malware has been used before. Similar to this most recent example, those attacks also originated from spammed links via compromised email accounts that only served malware to mobile devices.

According to a report from Virus Bulletin, the links used in this most recent attack are still active. The registrar responsible for maintaining them has been unresponsive to requests for help and security alerts. However, the root problem may be Yahoo’s and not the account owners – who often take the blame for these types of attacks due to weak password usage.

“We have reasons to believe that, in this case, the problem lies on Yahoo!’s side,” wrote Martijn Grooten, on the Virus Bulletin blog.

“Firstly, the volume of spam from compromised Yahoo! accounts is significantly larger than that sent from other webmail providers. We have noticed this before – and, if anything, the problem has since become worse. More importantly, from various reliable sources, we know that accounts that had not been used for a very long time have been compromised as part of this campaign.”

As mentioned, the links used in the campaign are all active, and the best advice is simply to avoid random links – even if they come from a legit Yahoo account. In this campaign, the emails often have a random subject such as “Hey” or “Christen G” and a single link. They stand out as suspicious, especially if you know the account they come from and the message is outside of the norm.
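The message shape described above (a very short subject and a body that is little more than one link) can be turned into a mail-triage heuristic. The following is an added example, not code from the article or from Virus Bulletin; the word thresholds, the function names and the two sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import Message

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
MAX_SUBJECT_WORDS = 3  # assumption: subjects in the style of "Hey" or "Christen G"
MAX_EXTRA_WORDS = 3    # assumption: the body is essentially just the link


def text_body(msg: Message) -> str:
    """Concatenate the text/plain parts (HTML-only mail is not inspected)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        try:
            chunks.append(payload.decode(charset, errors="replace"))
        except LookupError:  # unknown charset label in the header
            chunks.append(payload.decode("utf-8", errors="replace"))
    return "\n".join(chunks)


def is_single_link_lure(raw: str) -> bool:
    """Flag mail with a short subject whose body is exactly one URL plus
    at most a few other words. A triage signal, not a verdict."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").strip()
    body = text_body(msg)
    urls = URL_RE.findall(body)
    extra_words = URL_RE.sub(" ", body).split()
    return (
        len(urls) == 1
        and len(subject.split()) <= MAX_SUBJECT_WORDS
        and len(extra_words) <= MAX_EXTRA_WORDS
    )


# Constructed sample messages (not taken from the campaign).
LURE = ("From: friend@example.com\nTo: me@example.com\nSubject: Hey\n\n"
        "http://example.test/a1b2\n")
NORMAL = ("From: friend@example.com\nSubject: Lunch on Friday?\n\n"
          "Hi, are you free Friday? The menu is at http://example.test/menu "
          "and I can book a table for noon.\n")

if __name__ == "__main__":
    for name, raw in (("LURE", LURE), ("NORMAL", NORMAL)):
        print(name, is_single_link_lure(raw))
```

Because the messages come from real, known contacts, a rule like this is best used to route mail for a closer look rather than to block it outright.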

There is no word as of yet if Yahoo! has responded to Virus Bulletin.
