Attackers Leverage IMAP to Infiltrate Email Accounts

Researchers believe cybercriminals are using a tool dubbed Email Appender to directly connect with compromised email accounts via IMAP.

A newly detected wave of spam emails is bypassing transport layers and landing in mailboxes, Vade Secure researchers report.
This campaign sent 300,000 spam messages to a single customer in one day and has been seen in France, Italy, Denmark, and the United States. Researchers suspect the attackers are using a tool called Email Appender, which is available on the Dark Web and can be used to connect with compromised email accounts via IMAP.
Email Appender, first reported in October, lets attackers validate compromised email credentials they steal or buy on the Dark Web. They can use the tool to configure a proxy to avoid IP detection, draft a malicious email, and deliver spam straight into a users account. Attackers can customize their malicious emails to include the display name of the senders address and provide a reply-to address.
Researchers say this incident is being addressed by shutting down compromised accounts and resetting affected credentials. They note while this incident mostly delivers spam, its a sign attackers are practicing the new technique before using it to distribute phishing and malware campaigns.
Read
Vade Secures blog
for more details.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Attackers Leverage IMAP to Infiltrate Email Accounts