Hackers have found a clever new way to steal your Microsoft 365 credentials

Cybercriminals have started using Static Web Apps, an Azure service, in their phishing attacks against Microsoft 365 users.

MalwareHunterTeam researchers noted that static web applications have two features that are easily abused: branding for web applications and web hosting for static content such as HTML, CSS, JavaScript, or images.

These features have been used by threat actors to host static phishing landing pages, researchers now claim. These landing pages look almost identical to official Microsoft services, complete with company logo and Single SignOn (SSO) option that harvests Office 365, Outlook, or other credentials.

Sneaky Tactics

report on findings, BeepComputer states that using Azure Static Web Apps to target Microsoft users is a “great tactic” because each landing page gets its own secure page padlock in the address bar, due to the wildcard TLS certificate* .1.azurestticapps.net.

With such a TLS certificate, even the most suspicious victims could be tricked.

This also makes landing pages ideal for targeting users on other platforms and other email providers, as these victims could also be tricked by the fake security assurance of the legitimate Microsoft TLS certificate.

Usually, when someone suspects a phishing attack, they check the URL they are prompted to click. Using Azure Static Web Apps renders this advice useless, as many will most likely be tricked by azurestticapps.net into thinking the identity is legitimate, the post concludes.

Azure Static Web Apps Microsoft’s tool that helps developers build and deploy complete web applications to Azure from a code repository.

Its key features include web hosting for static content like HTML, CSS, JavaScript and images, built-in API support provided by Azure Functions, GitHub and Azure DevOps integration, static content distributed at scale worldwide, free and automatically renewed SSL certificates, custom domains to provide app customizations, and more.

Microsoft is silent on the issue, for now.

Via: BeepComputer

Comments are closed.