Analysis of a JavaScript-based Phishing Campaign Targeting Microsoft 365 Credentials

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY :

A sophisticated JavaScript-based credential harvesting campaign has been discovered, utilizing fake voicemail notifications to capture Microsoft 365 credentials. The attackers employ HTML smuggling, obfuscation, and encryption techniques to evade detection. The phishing emails contain PDF attachments with QR codes and HTM files with embedded JavaScript. The malicious code uses base64 encoding, CryptoJS for encryption, and dynamic URL generation to redirect victims to a fake Microsoft 365 login page. The campaign involves multiple stages, including CAPTCHA and media player mimicry, to increase legitimacy. This evolving threat poses significant challenges for automated detection and analysis systems.
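
The following Python triage check is an added example, not part of the original report. It scans the script bodies of an HTM attachment for the techniques named in the summary: base64 decoding, CryptoJS use, script-driven redirects and payloads nested inside encoded strings. The regex patterns, the scoring threshold and the sample attachment are assumptions constructed for illustration.

```python
import base64
import re

# Heuristics for the techniques the summary names; patterns are assumptions.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{80,}={0,2}")
SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
PATTERNS = {
    "base64_decode": re.compile(r"\batob\s*\("),
    "cryptojs": re.compile(r"\bCryptoJS\.(AES|enc|lib|mode|pad)\b"),
    "redirect": re.compile(r"\blocation(\.href)?\s*=(?!=)|\blocation\.(replace|assign)\s*\("),
    "dynamic_write": re.compile(r"\bdocument\.write\s*\(|\beval\s*\("),
}


def decode_layers(text, max_depth=3):
    """Return text plus any UTF-8 content recovered from long base64 runs."""
    layers, frontier = [text], [text]
    for _ in range(max_depth):
        found = []
        for layer in frontier:
            for run in B64_RUN.findall(layer):
                try:
                    found.append(base64.b64decode(run, validate=True).decode("utf-8"))
                except (ValueError, UnicodeDecodeError):
                    continue  # not valid base64 text, e.g. a long identifier
        if not found:
            break
        layers.extend(found)
        frontier = found
    return layers


def triage(html):
    """Flag each indicator across the script bodies and their decoded layers."""
    layers = decode_layers("\n".join(SCRIPT.findall(html)))
    hits = {name: any(p.search(l) for l in layers) for name, p in PATTERNS.items()}
    hits["nested_payload"] = len(layers) > 1
    hits["suspicious"] = hits["nested_payload"] and sum(hits[n] for n in PATTERNS) >= 2
    return hits


# Constructed, inert sample: placeholder names, no real key, blob or URL.
INNER = ("<script>var u = CryptoJS.AES.decrypt(BLOB, KEY)"
         ".toString(CryptoJS.enc.Utf8); window.location.href = u;</script>")
SAMPLE_HTM = ('<html><body><script>document.write(atob("'
              + base64.b64encode(INNER.encode()).decode()
              + '"));</script></body></html>')
BENIGN_HTM = "<html><script>console.log('voicemail player ready');</script></html>"
```

Calling `triage(SAMPLE_HTM)` sets every indicator, because the CryptoJS and redirect references only become visible after the base64 layer is decoded; `triage(BENIGN_HTM)` sets none.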

OPENCTI LABELS :

phishing, microsoft 365, html smuggling, credential harvesting, voicemail lure, cryptojs


Open in the NetmanageIT OpenCTI public instance with the link below.

NOTE : Use the public read-only username and password shown on the login page banner.


Analysis of a JavaScript-based Phishing Campaign Targeting Microsoft 365 Credentials