The Indian online office suite is reportedly being abused on a massive scale to exfiltrate data from compromised machines.
Researchers have uncovered a keylogger phishing campaign which abuses Zoho in order to spread and exfiltrate data from victim devices.
The Indian company’s domain was suspended briefly in September, the researchers said in a blog post. This was due to an “insufficient response” to the reported abuse.
Zoho’s registrar, TierraNet, took down the domain, seemingly surprising Zoho with the move — to the point that the company took to Twitter to plead for help in resuming service.
Read more here