Mail from the ‘Boss’ – A Classic Example of a $_POST Mailer Stealing CC Data
We often find mailer scripts while cleaning malicious code from websites. Some of them are easily discovered, while others are obfuscated or heavily encoded.
These “mailers” allow bad actors to send unwanted emails from your domain, and can be triggered through the misuse of a vulnerable extension or leftover backdoor malware scripts.
The $_POST Mail Came from the “Boss”
During a recent investigation, we stumbled upon a very simple mailer that got our attention – not because it was very interesting from a code perspective, but because of the Subject that was used.