Dropbox used by hackers to "spread" dangerous malware

Online storage service Dropbox is being used to host viruses and malware as its links lend scammers an air of credibility.

According to anti-phishing site PhishMe, emails featuring Dropbox links are on the rise, as the company’s name lulls victims into a false sense of security.

Emails sent by the criminals follow a distinct pattern, says PhishMe. Their subject matter always concerns pressing financial issues, such as invoice payment or tax returns.

Included with each email is a link asking the victim to download a file to start claiming the money back. The .zip file containing the malware is hosted on Dropbox, something that could convince otherwise security-conscious people to download the file.

Once the program is run, the ransomware, named “CryptoWall”, locks away important files on the victim’s computer before demanding payment to release them again.

Users are then given a “unique” URL code that directs them to a CAPTCHA test and bitcoin donation page.

If the ransom of $500 (£293) isn’t paid within the time limit, it doubles. According to PhishMe, unfortunate victims have lost thousands of files to the virus already, with one user in Greece losing some 32,000 alone.

The authors of CryptoWall have earned $62,000 (£36,000) from around 500,000 victims, it is claimed.

PhishMe added that attackers have been making money hand over fist from scamming people with ransomware, but that victims shouldn't be blamed.

“While the attackers are valuing your data at $500 or $1000, what is the true price of your pictures or documents? For an enterprise, what is the price of a network share of data, and what could be lost?”

Dropbox users have in the past leaked their own data without even knowing it, by pasting download links into their browser search bars.

"We're aware of the issue and will revoke the ability to share links from accounts that violate our acceptable use policy," a company spokesperson told Cloud Pro. "We will act quickly in response to abuse reports and are constantly improving how we detect and prevent Dropbox users from sharing spam, malware or phishing links."

In the meantime, Dropbox asked users to remain vigilant when receiving links from people they don't know, even if those links are hosted on its service or those of its competitors.