Cybercriminals have started using Static Web Apps, an Azure service, in their phishing attacks against Microsoft 365 users.
Researchers from MalwareHunterTeam noted Static Web Apps have two features that are being abused with ease – custom branding for web apps, and web hosting for static content such as HTML, CSS, JavaScript, or images.
These features have been used by threat actors to host static landing phishing pages, the researchers are now saying. These landing pages look almost identical to official Microsoft services, with the company logo, and the Single SignOn (SSO) option that harvests Office 365, Outlook, or other credentials.