Security News > 2021 > April > Microsoft Office 365 phishing evades detection with HTML Lego pieces
A recent phishing campaign used a clever trick to deliver the fraudulent web page that collects Microsoft Office 365 credentials by building it from chunks of HTML code stored locally and remotely.
The method consists of gluing together multiple pieces of HTML hidden in JavaScript files to obtain the fake login interface and prompt the potential victim to type in the sensitive information.
Using GCHQ's CyberChef, they revealed links to two JavaScript files hosted at "Yourjavascript.com," a domain used for other phishing campaigns.
Each of the two JavaScript files had two blocks of encoded text hiding HTML code, URL and Base64 encoded.
In all, the researchers decoded more than 367 lines of HTML code spread in five chunks among the two JavaScript files and one the email attachment, which, stacked together, built the Microsoft Office 365 phishing page.
Using an HTML attachment pointing to JavaScript code in a remote location and unique encoding, the cybercriminals are looking to avoid detection.
News URL
Related news
- Fake Microsoft Office add-in tools push malware via SourceForge (source)
- Microsoft’s new AI agents take on phishing, patching, alert fatigue (source)
- After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot (source)
- Microsoft: New Windows scheduled task will launch Office apps faster (source)
- Microsoft releases emergency update to fix Office 2016 crashes (source)
- Tycoon2FA phishing kit targets Microsoft 365 with new tricks (source)
- Microsoft blocks ActiveX by default in Microsoft 365, Office 2024 (source)
- Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins (source)
- Microsoft: Office 2016 and Office 2019 reach end of support in October (source)
- Microsoft will update Office apps on Windows 10 until 2028 (source)