Security News > 2021 > April > Microsoft Office 365 phishing evades detection with HTML Lego pieces
A recent phishing campaign used a clever trick to deliver the fraudulent web page that collects Microsoft Office 365 credentials by building it from chunks of HTML code stored locally and remotely.
The method consists of gluing together multiple pieces of HTML hidden in JavaScript files to obtain the fake login interface and prompt the potential victim to type in the sensitive information.
Using GCHQ's CyberChef, they revealed links to two JavaScript files hosted at "Yourjavascript.com," a domain used for other phishing campaigns.
Each of the two JavaScript files had two blocks of encoded text hiding HTML code, URL and Base64 encoded.
In all, the researchers decoded more than 367 lines of HTML code spread in five chunks among the two JavaScript files and one the email attachment, which, stacked together, built the Microsoft Office 365 phishing page.
Using an HTML attachment pointing to JavaScript code in a remote location and unique encoding, the cybercriminals are looking to avoid detection.
News URL
Related news
- Microsoft fixes bug behind random Office 365 deactivation errors (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- Microsoft 365 outage takes down Office web apps, admin center (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)
- New FlowerStorm Microsoft phishing service fills void left by Rockstar2FA (source)
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)