Attackers can upload malicious files and share them to targets via WeTransfer's email servers. wetransfer.com validates the sender email before using it.
Attackers can upload data to wetransfer.com and share the link to themselves to download the exfiltrated data. Requires GUI access.
Attackers can keep their tools stored on wetransfer.com and when required, use the custom link to download.
Last Update: 2021-11-10