• Cryptocurrency
  • Earnings
  • Enterprise
  • About TechBooky
  • Submit Article
  • Advertise Here
  • Contact Us
TechBooky
  • African
  • AI
  • Metaverse
  • Gadgets
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
  • African
  • AI
  • Metaverse
  • Gadgets
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
TechBooky
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Home Research/How to do it

Cybercriminals Exploit MailChimp to Disseminate Malware

Paul Balo by Paul Balo
November 24, 2016
in Research/How to do it, Security
Share on FacebookShare on Twitter

In the relentless war against malware, no platform seems to be immune. Even our trusted email newsletter service, MailChimp, is susceptible. Recently, hackers exploited the popular broadcast email service to send out messages containing malware-infested links to unsuspecting subscribers of various services that use MailChimp, according to a report by [Motherboard](http://motherboard.vice.com/read/hackers-are-using-mailchimp-to-spread-malware).

A message from the mouths of these marauders typically reads something like, “Here’s your invoice! We appreciate your prompt payment.” An Australian security researcher, who is also the owner of the Have I Been Pwned? platform, forwarded an example of these insidious emails to Motherboard. “This morning our MailChimp subscriber database was hacked and a fake invoice (Invoice 00317) [sic] was sent to our list,” he claimed, substantiating these allegations with screenshots on Twitter.

All it takes is one wrong click. Subscribers are led to believe they must view an invoice by clicking on an embedded “View Invoice” button. This action, unfortunately, initiates a download of a .zip file teeming with malicious content. An Australian company supported these findings by confirming on Twitter that its MailChimp subscriber database had indeed been hacked, and a spurious invoice (Invoice 00317) had been dispatched to its list of subscribers. The danger lies in the potential for subscribers to unwittingly provide hackers access to their devices by clicking on the fraudulent link.

In response to the breach, the targeted company implored its subscribers to ignore such emails. “Please disregard and delete this email. You have not been charged,” they stated in an announcement. Camilla Jansen, managing editor of Business News Australia, informed Motherboard via email, “We’re waiting to find out more.”

MailChimp, in the meantime, has issued a statement to Motherboard asserting, “Early this morning MailChimp’s normal compliance processes identified and disabled a small number of individual accounts sending fake invoices. We have investigated the situation and have found no evidence that MailChimp has been breached. The affected accounts have been disabled, and fraudulent activity has stopped.”

While MailChimp encourages users to [set up two-factor authentication](http://kb.mailchimp.com/accounts/management/best-practices-for-account-security), it’s critical for recipients to remain vigilant when clicking on emails. If you detect inconsistencies or changes in emails from a company you subscribe to, it would be wise to confirm the authenticity of the email prior to taking further action. Additionally, frequently updating passwords and avoiding duplicative passwords across multiple platforms can help guard against these malicious attacks. In fact, password reuse is suspected to be the root of this particular breach.

As always, exercise discretion when clicking on email links. By using a bit of extra care, you can do your part to keep your data safe and confound those pesky cyber miscreants.

Related Posts:

  • Mailchimp Repress Clients Newsletters Without Forewarning.
    Mailchimp Repress Clients Newsletters Without Forewarning.
  • router-595x335_0
    US And UK Warn Of Custom Malware Vulnerability On…
  • skynews-russia-hacker_5812455
    Russian Hackers Target WhatsApp for Data on Ukraine
  • ActiveCampaign alternatives
    15 best ActiveCampaign alternatives and competitors in 2025
  • Shielded Email
    Google’s Next Approach to Combat Spam Via Shielded Email
  • phishing
    Google's Email Cloaking Could be a Defence Against…
  • shutterstock_chatgpt
    Researchers Warn ChatGPT Crawler May Cause DDoS…
  • 299ff3f7-54c1-435f-8947-d46591ca8b90_1200x627
    Musk's X Blocks Signal.me Links

Discover more from TechBooky

Subscribe to get the latest posts sent to your email.

Tags: australiacyber securityemailhackersmailchimpmalwareresearcherssecurity
Paul Balo

Paul Balo

Paul Balo is the founder of TechBooky and a highly skilled wireless communications professional with a strong background in cloud computing, offering extensive experience in designing, implementing, and managing wireless communication systems.

BROWSE BY CATEGORIES

Receive top tech news directly in your inbox

subscription from
Loading

Freshly Squeezed

  • Downtime Update On Microsoft Outlook July 10, 2025
  • NIN Verification Portal Outages Frustrate Banks and Telecoms July 10, 2025
  • Blok Deploys AI Personas for App Usage Simulation July 10, 2025
  • Dorsey Says Bitchat Software Lacks Security Review July 10, 2025
  • Threaded Conversations Now Available On Microsoft Teams July 10, 2025
  • Elon Musk’s xAI Launches Grok 4 at $300/Month July 10, 2025

Browse Archives

July 2025
MTWTFSS
 123456
78910111213
14151617181920
21222324252627
28293031 
« Jun    

Quick Links

  • About TechBooky
  • Advertise Here
  • Contact us
  • Submit Article
  • Privacy Policy
  • Login

© 2025 Designed By TechBooky Elite

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
  • African
  • Artificial Intelligence
  • Gadgets
  • Metaverse
  • Tips
  • About TechBooky
  • Advertise Here
  • Submit Article
  • Contact us

© 2025 Designed By TechBooky Elite

Discover more from TechBooky

Subscribe now to keep reading and get access to the full archive.

Continue reading

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.