By Rodman Ramezanian
Global Cloud Threat Lead, Skyhigh Security


Today, threat actors leverage free cloud tools, such as hosting providers, file transfer services, collaboration platforms, calendar organizers, or a combination of each, to bypass security measures and disseminate malicious payloads around the world. In this instance, we focus on the Lampion malware campaign, first reported by researchers at Cofense.

The threat actors behind the Lampion malware campaign send phishing emails using hacked business accounts, encouraging end-users to download a ‘Proof of Payment’ mock file hosted on WeTransfer. Its primary objective is to extract bank account details from the system. The payload overlays its own login forms onto banking login pages. When users enter their credentials, these fake login forms will be stolen and sent back to the attacker.


Read the Skyhigh Security Intelligence Digest,
The Newest Abuse of File-Sharing Services Aids Phishing Campaigns.

View the entire Skyhigh Security Intelligence Digest series here.