PHPMailer Abuse to Send Spam Emails
Spam ranks as a high threat vector for organizations. The PHPMailer library has been widely adopted in the criminal underground as a tool to send spam and monitor the health of spam campaigns.
Access to PHPMailer libraries is offered for sale on multiple marketplaces like Olux.io.
What can you buy on Olux.io?
- Stolen and hacked credentials
- Hacked PHPMailer installations
- Lists of email addresses
The size and scope of the marketplace
Distribution of PHPMailer installations from the US, Canada, and France:
- US 88%
- Canada 4%
- France 8%
Number of PHPMailers put up for sale on a daily basis:
- Canada 2 to 20
- France 1 to 32
- US 83 to 581
Olux.io traffic sources:
- Nigeria 29%
- Morocco 23%
- UK 13%
- Taiwan 9.9%
Revenue distribution:
- US 87%
- France 9%
- Canada 4%
PHPMailer pricing:
- Price starts at $2
- Maximum price for Canada and France is $20, and $30 for the United States
- Average price around $7
Profile of Hacked PHPMailer Installations:
- 59% did not send a test email to validate uptime
- 7% run on live websites
- For sale between 30 and 87 days on average
- Age can exceed 450 days which questions the operational value
How should your organization respond?
Do not rely solely on the reputation of the SMTP server sending you emails
Check in with your email filtering provider to better profile suspicious senders
