Hackers Using Website’s Contact Forms to Deliver IcedID Malware

Microsoft has warned organizations of a “unique” attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what’s yet another instance of adversaries abusing legitimate infrastructure to mount evasive campaigns that bypass security protections.
“The emails instruct recipients to click a link to review