Google URLs are being used to disguise malware sent through contact forms

Cybercriminals have begun leveraging website contact forms to deliver malware and the IcedID banking trojan to unsuspecting enterprise employees over email according to new research from Microsoft.

The Microsoft 365 Defender Threat Intelligence Team has been tracking a new campaign in which attackers are abusing legitimate infrastructure including website contact forms and Google URLs to bypass email security filters.

Source link