Phishing Uses Azure Static Web Pages to Impersonate Microsoft

by
Fnord666
from SoylentNews on (#5XZ5G)

upstart writes:

Phishing uses Azure Static Web Pages to impersonate Microsoft:

Phishing attacks are abusing Microsoft Azure's Static Web Apps service to steal Microsoft, Office 365, Outlook, and OneDrive credentials.

Azure Static Web Apps is a Microsoft service that helps build and deploy full-stack web apps to Azure from GitHub or Azure DevOps code repositories.

It allows developers to use custom domains for branding web apps, and it provides web hosting for static content such as HTML, CSS, JavaScript, and images.

As security researcher MalwareHunterTeam discovered, threat actors have also noticed that the custom branding and the web hosting features can easily be used to host static landing phishing pages.

Attackers are now actively using Microsoft's service against its customers, actively targeting users with Microsoft, Office 365, Outlook, and OneDrive accounts.

As shown below, some of the landing pages and login forms used in these phishing campaigns look almost exactly like official Microsoft pages.

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments