Cyber criminals have started using Static Web Apps, an Azure service, in their phishing attacks against Microsoft 365 users.
Researchers at MalwareHunterTeam noted that Static Web Apps have two features that are easily abused: custom branding for web apps and web hosting for static content such as HTML, CSS, JavaScript, or images.
Threat actors have used these features to host static phishing landing pages, the researchers now say. These landing pages look almost identical to official Microsoft services, with the company logo and a single sign-on (SSO) option that collects Office 365, Outlook, or other credentials.
Sneaky Tactics
Reporting on the findings, BleepingComputer says using Azure Static Web Apps to target Microsoft users is an “excellent tactic” because each landing page gets its own padlock in the address bar, thanks to the *.1.azurestaticapps.net wildcard TLS certificate.
With such a TLS certificate, even the most suspicious of victims can be misled.
It also makes landing pages suitable for targeting users on other platforms and other email providers, since victims can also be fooled by the fake security guarantee of the legitimate Microsoft TLS certificate.
When a person suspects a phishing attack, they usually check the URL they are invited to click on. Using Azure Static Web Apps renders this advice useless, as many will likely be fooled by azurestaticapps.net into thinking the identity is legit, the publication concludes.
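For defenders, the padlock problem described above can be turned into a simple triage rule: a host under the shared azurestaticapps.net domain is customer-published content, so clicks on it deserve review unless the app is one your organisation deployed. The following is an added example, not code from the article or from Microsoft; the log format, the `OWN_APPS` allowlist and all sample hostnames are constructed assumptions.

```python
from urllib.parse import urlsplit

# Shared hosting domain discussed above: any Azure customer can publish under
# it, so a valid certificate says nothing about who wrote the page.
SHARED_SUFFIX = "azurestaticapps.net"

# Assumption: apps your own organisation deployed (constructed value).
OWN_APPS = {"intranet-docs.1.azurestaticapps.net"}


def hostname_of(url: str) -> str:
    """Return the normalised host, ignoring scheme, userinfo, port and case."""
    parts = urlsplit(url)
    if not parts.netloc:  # scheme-less input such as "host/path"
        parts = urlsplit("//" + url)
    return (parts.hostname or "").rstrip(".").lower()


def classify(url: str) -> str:
    """Return 'own-app', 'review' or 'other' for a clicked URL."""
    host = hostname_of(url)
    # Match on a label boundary so look-alike hosts are not confused
    # with real subdomains of the shared suffix.
    if host == SHARED_SUFFIX or host.endswith("." + SHARED_SUFFIX):
        return "own-app" if host in OWN_APPS else "review"
    return "other"


def flag_clicks(log_lines):
    """Yield (user, url) for proxy log lines that need analyst review."""
    for line in log_lines:
        _ts, user, url = line.split(maxsplit=2)
        if classify(url.strip()) == "review":
            yield user, url.strip()


# Constructed proxy log lines (timestamp, user, URL), for illustration only.
SAMPLE_LOG = [
    "2022-04-01T09:12:03Z alice https://intranet-docs.1.azurestaticapps.net/index.html",
    "2022-04-01T09:14:47Z bob https://example-name-0a1b2c3d4.1.azurestaticapps.net/login",
    "2022-04-01T09:15:10Z carol https://azurestaticapps.net.example.org/login",
    "2022-04-01T09:16:22Z dave HTTPS://Example-Name-0a1b2c3d4.1.AzureStaticApps.net:443/",
    "2022-04-01T09:17:00Z erin https://user@notazurestaticapps.net/",
]

if __name__ == "__main__":
    for user, url in flag_clicks(SAMPLE_LOG):
        print(f"review: {user} -> {url}")
```

The rule only covers the shared hosting domain; look-alike hosts such as the third and fifth sample lines fall under "other" and need separate look-alike detection.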
Azure Static Web Apps is Microsoft’s tool that helps developers build and deploy full-stack web apps to Azure from a code repository.
Key features include web hosting for static content such as HTML, CSS, JavaScript, and images; integrated API support provided by Azure Functions; GitHub and Azure DevOps integration; globally distributed static content; free, automatically renewed SSL certificates; custom domains for proprietary app customizations; and others.
Microsoft is silent on the matter for now.
Via: BleepingComputer