Cybercriminals have recently begun exploiting the legitimate file-sharing platform GetShared as a new method for distributing malware and launching phishing campaigns. By leveraging the platform’s trusted reputation, attackers are able to bypass traditional email security systems, which often allow notifications from known services to pass through unchecked.
The attack typically starts with a user receiving a genuine-looking email notification from GetShared, informing them that a file has been shared. These emails often reference business-related content, using names like “DESIGN LOGO.rar” to appear credible. The emails are formatted with authentic branding, making them difficult to distinguish from legitimate communication.
In many cases, the message content includes common phishing tactics, such as inquiries about pricing, shipping timelines, or payment details, which help to reinforce the illusion of a legitimate business interaction. Security researchers from Kaspersky discovered this tactic after analyzing reports from users who had received suspicious notifications.
The method works because it uses GetShared’s own file-hosting functions. When victims click the download link in the notification, they are taken to the actual GetShared platform, where a malicious file may be hosted. In some instances, the attackers use text files containing follow-up instructions and rely on social engineering to deepen the compromise, often across multiple stages, so that automated detection tools see nothing malicious at any single step.
The payloads delivered through this method vary, from executable malware files to documents that appear harmless but execute malicious scripts upon opening. As threat actors continue to refine their methods to evade improved defenses, experts recommend combining staff awareness training with behavior-based endpoint protection, rather than relying solely on signature-based tools.
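A mail-triage heuristic for the pattern described above, added here as an example and not taken from the article or from Kaspersky: it flags a file-share notification when a risky shared file type appears together with pricing, shipping or payment wording. The sender domain `fileshare.example`, the notification layout and the function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: placeholder domain. Use the notification domain seen in your own mail logs.
SHARE_DOMAINS = {"fileshare.example"}
# Archive, executable and script extensions that deserve a second look in a share notice.
RISKY_EXT_RE = re.compile(r"\.(rar|zip|7z|iso|exe|scr|js|vbs|lnk)\b", re.IGNORECASE)
# Business-lure wording the article names: pricing, shipping timelines, payment details.
LURE_RE = re.compile(r"\b(pric(?:e|es|ing)|shipping|payment)\b", re.IGNORECASE)

def triage(raw_email):
    """Return the reasons a file-share notification looks like a lure (empty if none)."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender.rpartition("@")[2] not in SHARE_DOMAINS:
        return []  # only notifications from the sharing service are in scope
    text = msg.get("Subject", "") + "\n" + str(msg.get_payload())
    reasons = []
    exts = sorted({e.lower() for e in RISKY_EXT_RE.findall(text)})
    if exts:
        reasons.append("risky shared file type: " + ", ".join("." + e for e in exts))
    lures = sorted({w.lower() for w in LURE_RE.findall(text)})
    if lures:
        reasons.append("business-lure wording: " + ", ".join(lures))
    return reasons

def should_hold(raw_email):
    """Hold for analyst review only when both signals co-occur, to limit false positives."""
    return len(triage(raw_email)) >= 2

# Constructed sample messages (not real GetShared notifications).
SAMPLE_LURE = """From: FileShare <noreply@fileshare.example>
To: sales@corp.example
Subject: You have received a file: DESIGN LOGO.rar

Message from sender: please review the design and send your best pricing,
shipping time and payment terms.
"""
SAMPLE_BENIGN = """From: FileShare <noreply@fileshare.example>
To: sales@corp.example
Subject: You have received a file: team-photo.jpg

Message from sender: photos from the offsite.
"""

if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, should_hold(raw), triage(raw))
```

A hit from this filter is a reason to hold the message for review, not a verdict; it complements the behavior-based endpoint protection recommended above.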