Zoho Keylogger

October 8, 2018

Last week, Zoho, a CRM software and mail provider, went offline after falling victim to a phishing attack. Further investigation showed that Zoho was being heavily used by keyloggers. A keylogger is a type of malware that can collect account credentials. The two most common keyloggers seen were Agent Tesla and Hawkeye. Once a keylogger has collected the desired data, it compiles the stolen data and uses the Zoho service to send it to the attackers. Zoho is enticing to attackers for a couple of reasons. The first is that Zoho is a software-as-a-service (SaaS) solution: cloud-based organizations are a popular target for attackers due to the number and variety of end-user demographics. The second is poor security practices. Zoho responded by implementing new policies that all free Zoho accounts will have to follow.