A campaign targeting Dropbox users has been discovered, which phishes for victims’ passwords via a bogus email before infecting their computer with malware.
Security firm Appriver uncovered the attacks, which use a Trojan in the Zeus family to steal users’ financial information.
It lures them in by sending an official-looking password reset email, informing them their old password is ‘dangerous,’ according to Appriver’s blog.
When users click the ‘reset password’ link they are led to a page prompting them to download an update for their browser, which is really the Trojan.
Appriver said the links come from 54 unique domains, all hosted in Russia.
It said the sites were all registered on the same day last week, but did not mention how many users might have been affected.
‘As always, take extreme caution when you get any password or banking emails out of the blue,’ urges the company.
The Zeus Trojan remains the most popular botnet family on the net, according to a report by security firm McAfee, accounting for more than 57% of bot attacks.
More than 200 million people in over 200 countries currently use Dropbox, which has around a billion files saved to it every 24 hours.
In February this year the company underwent an overhaul with the aim of attracting more paying enterprise customers, introducing a new dashboard function for IT administrators.
However, the cloud storage platform has been plagued by security concerns, ranging from stolen passwords to a research paper published by security experts in August this year that outlined a way to hack the platform’s two-factor authentication and encryption of files — security features it introduced last year.
'This is similar to other email spam campaigns that have spoofed well-known brands to distribute malware,' a Dropbox spokesperson explained.
'We’ve investigated and taken action to disrupt this campaign. In addition, we urge people to exercise caution with unexpected emails. For example, check the destination of links in emails before clicking on them, verify the email directly with the sender’s actual website or support channels, and use up-to-date antivirus software.'