The malware is sold on the Russian-language darknet

Researchers at the information security company Vade Security report that companies in Italy, France, Denmark and the USA have already been hit by full-scale spam campaigns that use Email Appender. One affected organization says it received 300 thousand spam messages in one day and had to spend very substantial resources disabling compromised accounts or changing logins and passwords.

Databases of email usernames and passwords are actively sold on hacker forums.

According to Gemini Advisory, an attacker can load such a database into Email Appender, after which the program tries to connect over IMAP to the accounts for which the login-password pairs are valid. It then uses the IMAP function that allows ready-made mail messages (.EML files) to be uploaded to a mailbox. In effect, the message the attackers want appears in the victim's mailbox without passing through traditional filters and protections.
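Because a message uploaded over IMAP never crosses the inbound gateway, it carries no `Received` hop stamped by that gateway. The following detection sketch is an added example, not code from Vade Security, Gemini Advisory or the article; the gateway hostname `mx.example.org`, the function names and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string

# Assumption: the hostname your inbound mail gateway stamps into "Received: ... by <host>".
GATEWAY_HOSTS = {"mx.example.org"}
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)

def passed_gateway(raw_message, gateway_hosts=GATEWAY_HOSTS):
    """True if any Received header records a hop accepted by our gateway."""
    msg = message_from_string(raw_message)
    for received in msg.get_all("Received", []):
        for host in BY_HOST.findall(received):
            if host.lower().rstrip(".") in gateway_hosts:
                return True
    return False

def find_unfiltered(inbox, gateway_hosts=GATEWAY_HOSTS):
    """inbox: iterable of (uid, raw RFC 5322 text). Returns UIDs with no gateway hop.

    Run against INBOX only: mail clients legitimately use IMAP APPEND to save
    Sent and Drafts copies. Headers in an uploaded file are sender-controlled,
    so treat hits as leads and confirm them against the IMAP server's own logs.
    """
    return [uid for uid, raw in inbox if not passed_gateway(raw, gateway_hosts)]

# Constructed sample messages (not taken from any real mailbox).
SAMPLE_INBOX = [
    # Delivered normally: the gateway recorded the hop.
    (101, "Received: from mail.sender.test (mail.sender.test [192.0.2.10])\n"
          "\tby mx.example.org with ESMTPS id 4XyZ;\n"
          "\tMon, 01 Jan 2024 10:00:00 +0000\n"
          "From: alice@sender.test\nSubject: Quarterly report\n\nHello\n"),
    # No Received header at all: never handled by any MTA.
    (102, "From: billing@sender.test\nSubject: Invoice overdue\n\nSee attachment\n"),
    # Has a Received header, but not one written by our gateway.
    (103, "Received: from host.other.test by relay.other.test with SMTP;\n"
          "\tMon, 01 Jan 2024 11:00:00 +0000\n"
          "From: it@sender.test\nSubject: Password reset\n\nClick here\n"),
]

if __name__ == "__main__":
    print(find_unfiltered(SAMPLE_INBOX))
```
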