Spoofed Emails from Supposedly Corporate Printer Vendors Install Backdoor

Emails from corporate printers and scanners are quite common in large organizations, and cybercriminals now see this as a potential opportunity for exploitation. According to the findings of Barracuda Networks, there has been a sudden rise in attacks involving email attachments that appear to come from HP, Canon and Epson printers and scanners.

Reportedly, hackers have been running a new campaign since November 2017 in which spoofed emails are sent to unsuspecting users to infect their computers. The emails purport to come from commonly used printer and scanner brands, which is why nobody tends to suspect foul play. The attachments in the spoofed emails contain malware.

Fleming Shi, the technology SVP at Barracuda, wrote in an official blog post that corporate printers are used extensively across the globe, primarily because these devices can scan and copy pages, email the scans, and provide an easy way to exchange PDF versions of important documents. These devices are different from simple printers, which is why they are so much in demand. Perhaps this is why cybercriminals now have their eyes set on corporate printers and scanners.

The emails carry ordinary-looking subject lines such as "Scanned from HP", "Scanned from Canon" or "Scanned from Epson". Cybercrooks have modified the extensions and file names of the attachments and hidden the malicious code in such a way that email antivirus software cannot detect it.

Screenshots from spoofed emails (Barracuda)

When the attachment is downloaded, the malware immediately installs a backdoor on the machine. This backdoor gives cybercriminals unauthorized access to the targeted PC and lets the attacker spy on the device.

Furthermore, the malware can perform functions such as tracking every move of the machine, modifying computer settings, copying documents, using bandwidth for malicious tasks and accessing other systems connected to the infected machine. It can also scan connections to obtain higher user rights on the desktop, such as local admin rights.

Attackers can also use the malware as ransomware by simply changing the wallpaper of the infected computer and displaying any message they want. It is therefore important to double-check the sender before opening any attachment that comes with an email. If no scanned document is expected, it is better not to open the email at all.
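
The subject lines and altered attachment names described above can also be checked automatically at the mail gateway. The Python below is an added example (not code from Barracuda or from this article) that flags messages with a "Scanned from HP/Canon/Epson" subject whose attachment name or content is not what a scan-to-email device would send; the list of allowed formats, the double-extension rule and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Subject lines named in the article; the regex form is this example's assumption.
SUBJECT_RE = re.compile(r"^\s*Scanned from (HP|Canon|Epson)\b", re.I)
# Assumption: formats a real scan-to-email device sends, with their leading bytes.
SCAN_MAGIC = {
    ".pdf": (b"%PDF-",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".tif": (b"II*\x00", b"MM\x00*"),
    ".tiff": (b"II*\x00", b"MM\x00*"),
}
DOUBLE_EXT_RE = re.compile(r"\.(pdf|jpe?g|tiff?|docx?)\.[a-z0-9]{2,4}$")

def check_message(raw: bytes) -> list:
    """Return findings for one raw message; an empty list means nothing flagged."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if not SUBJECT_RE.search(str(msg.get("Subject", ""))):
        return []
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        data = part.get_payload(decode=True) or b""
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext not in SCAN_MAGIC:
            findings.append(f"{name!r}: {ext or 'no extension'} is not a scan format")
        elif not data.startswith(SCAN_MAGIC[ext]):
            findings.append(f"{name!r}: content does not match {ext}")
        if DOUBLE_EXT_RE.search(name):
            findings.append(f"{name!r}: double extension")
    return findings

def build_sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Build a constructed test message (addresses and payloads are placeholders)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "scanner@example.com", "user@example.com", subject
    m.set_content("Please find the scanned document attached.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for s, f, b in [("Scanned from HP", "scan_0041.pdf", b"%PDF-1.4\n"),
                    ("Scanned from Canon", "scan_0042.pdf.exe", b"constructed bytes")]:
        print(f, check_message(build_sample(s, f, b)))
```

A message that passes these checks is not thereby safe; the checks only catch the name and type mismatches, so the advice to verify the sender still applies.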

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering the latest happenings in cybersecurity and the tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.