PHPMailer Abuse to Send Spam Emails

 

 


Spam ranks as a high threat vector for organizations. The PHPMailer library has been widely adopted in the criminal underground as a tool to send spam and monitor the health of spam campaigns. 

Access to PHPMailer libraries is offered for sale on multiple marketplaces like Olux.io.

What can you buy on Olux.io?

  • Stolen and hacked credentials
  • Hacked PHPMailer installations
  • Lists of email addresses

The size and scope of the marketplace

Distribution of PHPMailer installations from the US, Canada, and France:

  • US 88%
  • Canada 4%
  • France 8%

Number of PHPMailers put up for sale on a daily basis:

  • Canada 2 to 20
  • France 1 to 32
  • US 83 to 581

Olux.io traffic sources:

  • Nigeria 29%
  • Morocco 23%
  • UK 13%
  • Taiwan 9.9%

Revenue distribution:

  • US 87%
  • France 9%
  • Canada 4%

PHPMailer pricing:

  • Price starts at $2
  • Maximum price for Canada and France is $20, and $30 for the United States
  • Average price around $7

Profile of Hacked PHPMailer Installations:

  • 59% did not send a test email to validate uptime
  • 7% run on live websites
  • For sale between 30 and 87 days on average
  • Age can exceed 450 days, which calls their operational value into question

How should your organization respond?

  • Do not rely solely on the reputation of the SMTP server sending you emails
    Check in with your email filtering provider to better profile suspicious senders


Faustine Foliard

Marketing Lead
