Cybercriminals have started using Static Web Apps, an Azure service, in their phishing attacks against Microsoft 365 users.
Researchers now claim that threat actors have been using the service to host static phishing landing pages. These landing pages look almost identical to official Microsoft services, complete with the company logo and a Single Sign-On (SSO) option that harvests Office 365, Outlook, or other credentials.
Reporting on the findings, BleepingComputer states that using Azure Static Web Apps to target Microsoft users is a “great tactic” because each landing page gets its own secure page padlock in the address bar, due to the wildcard TLS certificate for *.1.azurestaticapps.net.
With such a TLS certificate, even the most suspicious victims could be tricked.
This also makes landing pages ideal for targeting users on other platforms and other email providers, as these victims could also be tricked by the fake security assurance of the legitimate Microsoft TLS certificate.
Usually, when someone suspects a phishing attack, they check the URL they are prompted to click. Using Azure Static Web Apps renders this advice useless, as many will most likely be tricked by azurestaticapps.net into thinking the identity is legitimate, the post concludes.
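Because the padlock and the Microsoft-owned parent domain say nothing about who published a page under azurestaticapps.net, a mail or proxy filter can separate that shared hosting suffix from the hosts where sign-in really happens. The Python below is an added example, not code from the report; the sign-in host allowlist and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Shared hosting suffix named in the article: every tenant site sits under it
# and is covered by the same valid wildcard certificate.
SHARED_HOSTING_SUFFIXES = ("azurestaticapps.net",)

# Assumption: the sign-in hosts this organisation expects; adjust locally.
SIGN_IN_HOSTS = {"login.microsoftonline.com", "login.live.com"}


def hostname_of(url: str) -> str:
    """Return the lower-cased hostname without port or trailing dot ('' if none)."""
    try:
        host = urlsplit(url.strip()).hostname or ""
    except ValueError:  # malformed netloc, e.g. unbalanced IPv6 brackets
        return ""
    return host.rstrip(".").lower()


def is_under(host: str, suffix: str) -> bool:
    """Label-aware match: 'x.suffix' and 'suffix' match, 'notsuffix' does not."""
    return host == suffix or host.endswith("." + suffix)


def classify(url: str) -> str:
    """Label a URL by where its content comes from, not by its certificate."""
    host = hostname_of(url)
    if not host:
        return "unparseable"
    if host in SIGN_IN_HOSTS:
        return "sign-in-host"
    if any(is_under(host, s) for s in SHARED_HOSTING_SUFFIXES):
        return "customer-hosted"  # published by whoever owns that Static Web App
    return "other"


# Constructed sample URLs (not taken from the report).
SAMPLE_URLS = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://example-site-0a1b2c3d4.1.azurestaticapps.net/",
    "https://AZURESTATICAPPS.NET./index.html",
    "https://azurestaticapps.net.example.test/login",
    "https://notazurestaticapps.net/",
]

if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        print(f"{classify(sample):16} {sample}")
```

A "customer-hosted" verdict on a link that leads to a Microsoft-branded sign-in form is the combination worth flagging for review.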
Azure Static Web Apps is Microsoft’s tool that helps developers build and deploy complete web applications to Azure from a code repository.
Microsoft is silent on the issue, for now.