Security News > 2021 > April > Microsoft Office 365 phishing evades detection with HTML Lego pieces
A recent phishing campaign used a clever trick to deliver the fraudulent web page that collects Microsoft Office 365 credentials by building it from chunks of HTML code stored locally and remotely.
The method consists of gluing together multiple pieces of HTML hidden in JavaScript files to obtain the fake login interface and prompt the potential victim to type in the sensitive information.
Using GCHQ's CyberChef, they revealed links to two JavaScript files hosted at "Yourjavascript.com," a domain used for other phishing campaigns.
Each of the two JavaScript files had two blocks of encoded text hiding HTML code, URL and Base64 encoded.
In all, the researchers decoded more than 367 lines of HTML code spread in five chunks among the two JavaScript files and one the email attachment, which, stacked together, built the Microsoft Office 365 phishing page.
Using an HTML attachment pointing to JavaScript code in a remote location and unique encoding, the cybercriminals are looking to avoid detection.
News URL
Related news
- Microsoft Office 2024 now available for Windows and macOS users (source)
- Microsoft Is Disabling Default ActiveX Controls in Office 2024 to Improve Security (source)
- Microsoft rolls out Office LTSC 2024 for Windows and Mac (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)