Zoho Office Suite Phishing Malware Affects Over 30 Million Users

Last updated June 23, 2021
Written by:
Nitish Singh
Nitish Singh
Tech News Writer
Source: Zoho

Security researchers from Cofense revealed that popular online office suite Zoho is infected with malware. 40% of all known phishing attacks last month were linked to Zoho email addresses to steal data from users, making it one of the most widespread security issues in the world.

Zoho Phishing Campaign

Image Courtesy of Cofense

Security researchers from Cofense revealed that free accounts were used to receive stolen data from keyloggers as well as initiate the data exfiltration process. Anyone can connect to the Zoho SMTP servers was able to see the email activity. Attackers needed special techniques to intercept all of the email traffic and decrypt it to steal data.

The popular online office suite platform experiences over 30 million users, especially by professional organizations making it one of the best targets for phishing. The keyloggers were able to steal screenshots, passwords, browser histories and of course keystrokes.

Darrell Rendell, principal intelligence analyst, stated “They’re a software-as-a-service (SaaS) solution, and as we’ve seen cloud-based organizations are a major target for threat actors because of the sheer number of, and variance in, their end-user demographics. For example: If a platform has 30 million+ users, even if a tiny fraction of a percent have their accounts compromised, it generates a huge command-and-control footprint for the threat actors.”

Zoho does not have strict security features in place, making it one of the easier targets for cybercriminals. Threats were able to automate the account creation process, and with features like two-factor authentication missing, it allowed phishing malware to take over the platform with ease.

Zoho faced a similar security issue in the past and had promised to outline plans to fix its flaws. However, the company failed to do so, allowing a large number of phishing campaigns to run riot on the platform putting tens of millions of users at risk when using the cloud-based office suite. Phishing campaigns are on the rise and even responsible users who use strong passwords and implement security features are being affected due to negligence from services.

What do you think about the large-scale phishing campaigns on Zoho? Let us know in the comments below. And, make sure to follow us on Facebook and Twitter for the latest updates. Thanks!



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: