Crooks Dump Malware on Victims through Dropbox Accounts, Hold Files and Data Hostage

Scammers are using Dropbox to deliver malware, according to PhishMe. Learn the hidden risks of file sync and share apps and how you can avoid the problem.

24 June 2014


Scammers are using Dropbox to deliver malware to unsuspecting victims, with an estimated 500,000 infected systems, according to a recent blog on the PhishMe security tools site.

The hackers send out emails that contain Dropbox links — whose presence, for some reason, makes the recipients feel safe. The email invites the user to view a fax report or voicemail notification. After clicking the link, the recipient lands on Dropbox.

[Image: PhishMe email. Source: PhishMe]

There, the user downloads a zip file, whose code executes, encrypting the recipient’s files. This is followed by a demand for a ransom to unlock these files, said the blog. PhishMe calculated the crooks may have collected more than $80,000.

[Image: PhishMe, user must pay. Source: PhishMe]

The Hidden Risks of File Sync and Share Apps

Dropbox and other file sync and share (FSS) providers have seen widespread consumer adoption, with well over 300 million users globally. That’s because these vendors offer easy-to-use tools — but ones that also lack hardened security. Many file sharing services don’t scan for malware or viruses. They should, because these services are natural vectors for viruses and malware, which can replicate in files across many devices.

So it’s only logical for criminals to use these FSS services as a scamming platform that gives them widespread access to potential victims. Given this situation, information technology professionals should prepare accordingly for a rise in FSS-based attacks.

How to Avoid the Problem

As PhishMe pointed out, the best protection is user vigilance, especially when downloading zipped files or receiving unsolicited emails from unknown senders. Beyond that, we should all be cautious if we receive links to Dropbox accounts, or links from other file sharing services that don’t provide basic virus and malware scanning.

Any FSS application should, at a minimum, scan all files on both upload and download. This way, infected files can be detected before they are stored and synchronized across devices. Files should be checked again whenever they are downloaded, so that newly identified malware or virus code is intercepted before it propagates further.
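
The scan-on-upload and rescan-on-download behaviour described above can be sketched as follows. This is an added example, not code from PhishMe or any FSS vendor. The `ScanningStore` class, the helper names and the size cap are hypothetical, and a set of SHA-256 digests stands in for a real anti-malware engine.

```python
import hashlib
import io
import zipfile

MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed cap on declared member size (zip-bomb guard)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class BlockedFile(Exception):
    """Raised when a file is refused at upload or download time."""

class ScanningStore:
    """Toy in-memory file-sharing store that scans on upload and on download."""
    def __init__(self):
        self.signatures = set()  # digests of known-bad content; grows over time
        self._files = {}

    def _scan(self, data: bytes) -> None:
        # Check the blob itself, then look inside zip archives member by member.
        if sha256_hex(data) in self.signatures:
            raise BlockedFile("known-bad file")
        if not zipfile.is_zipfile(io.BytesIO(data)):
            return
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                # Fail closed on members the scanner cannot inspect
                # (encrypted entries, or entries declared larger than the cap).
                if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                    raise BlockedFile(f"unscannable member: {info.filename}")
                if sha256_hex(zf.read(info)) in self.signatures:
                    raise BlockedFile(f"known-bad member: {info.filename}")

    def upload(self, name: str, data: bytes) -> None:
        self._scan(data)          # stop known-bad files before they are stored and synced
        self._files[name] = data

    def download(self, name: str) -> bytes:
        data = self._files[name]
        self._scan(data)          # rescan with the signatures known *now*
        return data

def make_sample_zip(payload: bytes) -> bytes:
    """Build a constructed, harmless zip archive in memory for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fax_report.bin", payload)
    return buf.getvalue()
```

A file that was unknown at upload time is served until its digest is added to `signatures`; from then on both `download` and any new `upload` of the same archive raise `BlockedFile`.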