MailerLite Hack Leads to Massive Cryptocurrency Theft — An Exploit or an Infostealer Infection?

Cryptocurrency on-chain sleuth, ZachXBT, alerted the cryptocurrency community today that several notable organizations such as CoinTelegraph and WalletConnect are being used to send phishing messages through their mailing lists.

Telegram message sent by ZachXBT.

It appears that the emails sent to victims are an attempt to convey them into signing a transaction that will drain their crypto wallets

Suspicious email received by WalletConnect

So far over $500,000 were drained from victims and a money laundering attempt is undergoing.

image of a transaction from the hacker’s ETH address — 0xef3d9a1a4bf6e042f5aaebe620b5cf327ea05d4d

“Scam Sniffer” detected that all of the impacted companies are using a mailing service named MailerLite and indicates that this is the reason for the hack

This was confirmed by one of the impacted companies as well.

While it is uncertain whether MailerLite suffered an exploit or not, Hudson Rock researchers identified a recently infected computer of a MailerLite employee with accesses to sensitive URLs within MailerLite & its third parties.

Image of the data from the infected MailerLite employee’s computer from Hudson Rock’s platform, Cavalier

The computer was infected by CRYPTBOT Infostealer in August of 2023 and has sensitive credentials to Mailerlite such as https://admin.mailerlite.com/admin which could have been used by the threat actor to gain an initial access to the company’s servers.

In addition, the employee has valid cookies to sensitive services which were stolen by the infostealers and are often used by hackers to perform sessions hijacks.

Cookies for slack.com:

Cookies for microsoftonline.com (office365):

An image from the infected employee’s computer reveals that they were compromised when trying to execute an infected software.

The image also shows that they were using Slack at the time:

This attack again illustrates how a single infostealer infection could be detrimental to any company.

It is important to routinely check your organizational exposure to Infostealer infections which are the top initial attack vector for threat actors to access corporate and customer accounts.

To learn more about how Hudson Rock protects companies from imminent intrusions caused by info-stealer infections of employees, partners, and users, as well as how we enrich existing cybersecurity solutions with our cybercrime intelligence API, please schedule a call with us, here: https://www.hudsonrock.com/schedule-demo

We also provide access to various free cybercrime intelligence tools that you can find here: www.hudsonrock.com/free-tools

Thanks for reading, Rock Hudson Rock!

Follow us on LinkedIn: https://www.linkedin.com/company/hudson-rock

Follow us on Twitter: https://www.twitter.com/RockHudsonRock

Don’t Stop Here

More To Explore

favicon__1_ removebg-png

BE THE FIRST TO KNOW

Stay informed with the latest insights in our Infostealers weekly report.

Receive immediate notification if your email is involved in an infostealer infection.

No Spam, We Promise

favicon__1_ removebg-png

BE THE FIRST TO KNOW

Stay informed with the latest insights in our Infostealers weekly report.

Receive immediate notification if your email is involved in an infostealer infection.

No Spam, We Promise