RogueApps

When Good Apps Go Rogue | Powered by Huntress

Tracking 7 rogue applications

eM Client

A robust email client often leveraged by attackers due to its extensive capabilities. eM Client allows attackers to sync multiple inboxes into the same client, download all emails from an inbox, mass mail spam, export calendars and contacts, and create inbox rules to stage financial transaction fraud.

BEC email spam

PerfectData Software

An application that can export mailboxes for backup purposes. Used maliciously to exfiltrate data and stage financial fraud transactions.

exfiltration BEC backup

Newsletter Software Supermailer

Software used for email mass mailing, often abused to send phishing emails. Requires administrator consent to use with Microsoft 365, which then allows the application to send from any mailbox within the tenant.

BEC spam phishing

rclone

Rclone is a command-line program to manage files on cloud storage. It allows the user to download all files the user account can access within OneDrive and SharePoint.

exfiltration BEC

CloudSponge

CloudSponge allows you to export all contacts from an inbox. These contacts can be used as targets for phishing emails, allowing an email compromise campaign to spread further.

exfiltration BEC AddressBook

SigParser

SigParser is used to exfiltrate contacts and recipients from an account's address list, calendars, and email, allowing malicious email such as spam or phishing to easily target relevant recipients.

collection exfiltration phishing BEC

Mail_Backup

Exports mailboxes for backup purposes, used by threat actors to exfiltrate email. This is the new name for PERFECTDATA SOFTWARE, representing a rebrand of the same malicious application.

exfiltration BEC backup