Ropemaker: Researchers discover exploit that can hack email AFTER it has been sent


It seems that hackers can now intercept emails after they have been sent, altering the content and filling it will malware.

The new virus, known as “Ropemaker”, is capable of adding links to sent emails as well as changing the content, such as changing “yes” to “no” therefore making some potentially awkward situations.

Most malicious emails are filtered out by email providers but it seems that Ropemaker avoids Spam filters as it alters content after the email has landed.

The emails could then lead the person who opens it to nefarious websites booby-trapped with malware which, if downloaded, could spy on to steal personal details and defraud them.

Security researchers at Mimecast found that cyber criminals don’t even need direct access to the sender or recipient’s emails. They said that hackers exploit a hole where the code for web technologies and the code for email providers meet.

Matthew Gardiner from Mimecast said: “Most people live under the assumption that email is immutable once delivered, like a physical letter.

“A new email exploit, dubbed Ropemaker by Mimecast’s research team, turns that assumption on its head, undermining the security and non-repudiation of email.

“We have shown it to work on most popular email clients and online email services.

“Given that Mimecast currently serves more than 27,000 organizations and relays billions of emails monthly, if these types of exploits were being widely used it is very likely that Mimecast would see them.

“However, this is no guarantee that cyber criminals aren’t currently taking advantage of Ropemaker in very targeted attacks.”

H/T: Bleeping Computer


Comments are closed.