New Tool Lets Attackers Easily Create Reply-chain Phishing Emails


A new email tool advertised on a cybercriminal forum provides a stealthier method for carrying out fraud or malware attacks by allowing messages to be injected directly into the victim’s inbox.

By slipping content into the normal email flow, the utility can help bypass protections that verify messages traveling to their destination mail server.

Lowering the technical bar

Called “Email Appender,” the tool can enable more sophisticated phishing and business email compromise (BEC) attacks as well as help the less technical actors in the ransomware business.

Researchers at Gemini Advisory saw this utility advertised in October, from an actor that also provides a mass email service called “GetMailer Pro.”


Translation:

I offer you a tool for targeting mailings and extracting installations from IMAP databases
The software can put any email on your account with your content bypassing spam filters
The work of the software is limited only by your imagination and the availability of databases
The software is written in Node JS + GUI from bas
For the software to work, you will need valid IMAP databases mail: pass
Functionality
full change of sender (whether paypal, blockchain or any Bank)
support for html messages of any format
support for sockets
it is possible to attach any attach
it is possible to randomize
it is possible to add your own it servers to the database

According to the advertisement and the tool’s site, the developer offers subscriptions for one day ($50), one week ($300), and one month ($1,000), which is double the prices of the email spam service.

Gemini Advisory told BleepingComputer that the price difference is likely accounted for by the fact that direct email injection is a more sophisticated technique than the standard spam techniques used by GetMailer.

While Email Appender’s method is not new, it provides a much simpler way to inject emails in a thread, enabling less technical actors to run more sophisticated attacks.

The tactic has been in use since at least 2017 in spear phishing attacks and was later adopted in cybercriminal campaigns. Among the malware embracing this method are Emotet, Ursnif, Valak, and QBot.

The tool relies on credential stuffing, which succeeds when passwords are reused across multiple services. Credential lists are neither difficult nor expensive to obtain these days.

If valid email credentials are on the list, the tool connects to the account through the Internet Message Access Protocol (IMAP) used to receive messages from a mail server.

“A unique feature of the IMAP protocol allows a properly authenticated user to append a message to their mailbox. An attacker, using this feature, can thus “implant” emails directly into the victim’s mailbox as opposed to sending them through traditional channels”

– Gemini Advisory

The researchers published a demo video from the advertiser showing how even non-technical attackers could use it for a successful compromise.

The concerns stemming from the availability of this tool are obvious: phishing attacks are certain to be more successful, even against targets aware of the threat and in environments where spam detection systems do a good job.

With valid ‘Sender’ and ‘From’ fields, it is easy to bypass defenses, and even to trick a trained eye, when delivering fraudulent messages and malware-laden emails that appear to be legitimate communication from a trusted sender.

One way to protect against this attack vector is to enable two-factor or multi-factor authentication, which validates the login only after the user provides a supplemental code in addition to the username and password.

Major email providers also issue alerts when an account is accessed from a different device or IP address than normal.
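Because a message placed in a mailbox over IMAP never passes through the receiving mail server, it lacks the trace headers that server adds on normal delivery. The check below is an added example, not code from the original article or from Gemini Advisory; the gateway hostname `mx.example.org` and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string

GATEWAY = "mx.example.org"  # assumption: hostname of your own inbound mail gateway

# Constructed sample: a reply delivered over SMTP through the gateway.
DELIVERED = """\
Received: from mail.partner.example (mail.partner.example [192.0.2.10])
 by mx.example.org with ESMTPS id abc123; Mon, 02 Nov 2020 09:14:07 +0000
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=partner.example;
 dkim=pass header.d=partner.example
From: Alice <alice@partner.example>
To: bob@example.org
Subject: Re: Q4 invoice
In-Reply-To: <1001@example.org>

Thanks, received.
"""

# Constructed sample: same thread, but stored in the mailbox without SMTP delivery.
IMPLANTED = """\
From: Alice <alice@partner.example>
To: bob@example.org
Subject: Re: Q4 invoice
In-Reply-To: <1002@partner.example>

Please see the updated invoice attached.
"""

def audit_message(raw, gateway=GATEWAY):
    """Flag a stored message that lacks the trace headers added on SMTP delivery."""
    msg = message_from_string(raw)
    findings = []
    received = msg.get_all("Received", [])
    by_gateway = re.compile(r"\bby\s+" + re.escape(gateway) + r"(?![\w.-])", re.I)
    if not received:
        findings.append("no Received headers")
    elif not any(by_gateway.search(hop) for hop in received):
        findings.append("no Received hop through gateway")
    # RFC 8601: the header value starts with the authserv-id of the evaluating server.
    stamped = any(
        (v.split(";", 1)[0].split() or [""])[0].lower() == gateway
        for v in msg.get_all("Authentication-Results", [])
    )
    if not stamped:
        findings.append("no Authentication-Results from gateway")
    is_reply = bool(msg.get("In-Reply-To") or msg.get("References"))
    return {"suspicious": bool(findings), "reply_chain": is_reply, "findings": findings}
```

Run it only over inbound folders such as INBOX, since mail clients legitimately use IMAP APPEND to save Sent and Draft items. Treat a hit as a lead to confirm against the mail server's IMAP session logs rather than as proof on its own.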
