Hacker Employ Milanote App for Spreading Phishing Email


The usage of collaborative applications had been a major victory with the pandemic. That incorporates Microsoft Teams, Google Meets, Zoom, and many others. Indeed, the software on the web makes brainstorming, designing, and collaborating with team members easier for all kinds of concepts. 

Milanote is among the most popular apps used in this period. It is recognized as an application for creators to note, compile and collaborate. It is used for sorting notes, gathering ideas, structuring activities - workflows, and much more. Companies mentioned, among many others, like Uber, Facebook, Google, and Nike, use it for their office routine. 

According to analysts, the Milanote app, also designated by reviewers as "the Evernote for creatives," has gained the attention of cybercriminals, that further abuse it to conduct credential-stealing campaigns that glide past secure email gateways (SEGs). 

The report compiled and published on Thursday by Avanan indicates that the hackers look to hack the victims using a simple email. The mail sent has the line of the subject as, "Project Proposal Invoice". The email body is rather explicit, only saying, “Hello. See attached invoice for the above-referenced project. Please contact me if you have questions or need additional information. Thank you.” There have been no customization, branding, or other characteristics of social engineering in the mail. 

“The email itself is pretty standard issue,” Gil Friedrich, CEO, and co-founder of Avanan stated. “It gets attention with the subject of ‘Invoice for Project Proposal.’ It’s certainly not the most sophisticated effort in the world, however, it understands what emails can get past static scanners, including, in this case, Milanote.” 

If the attachment link in the email is opened by the destination, a single-line document opens ("I shared a file with you. Click on the "Download" link (see below) with a clickable "Open Docs" button. 

Lately, the volume of these slippery phishing attacks has increased "dramatically," according to Avanan researchers. In the communication network, 1,430 e-mails were analyzed that contained a link to Milanote, and 1367 were part of the phishing campaigns (a whopping 95.5%). 

“[Most] use static scanners to scan attachments or links for malicious payloads,” according to the writeup. “In response, hackers are bypassing those detection mechanisms by nesting the payloads in deeper layers within legitimate services, fooling the static scanners. This is part of a larger trend of hackers utilizing legitimate services to host malicious content. Because the scanner doesn’t go that deep, hackers can leverage these services to host their content and easily send it to users.” 

Friedrich told that the scammers have been increasingly employing this technique in a large number of services. Another part of the development is that malicious hackers have resorted to them with the advent of collaborative platforms to create new techniques for social engineers and escape defenses. 

“We’re talking to people on Zoom, sharing thoughts on Slack, using whiteboards on Jamboard and thousands of other services. Email is still incredibly important, of course, but there are other places where information is transmitted,” he added. 

Cybercriminals may bring dangerous links to where they have been, rather than just email. It enables hackers with simple access to many of these collaboration apps. Since they did not get the same phishing training at these sites, users may have their guard down. It's an easy approach for con men to realize many of their malicious goals. Users are advised to stay alert to the Milanote attack and other similar rocketing attacks, by following the best safety practices available.