Microsoft Seizes Domains Used in Coronavirus Phishing Scam. The seizure orders came after the domains were discovered to be phishing Office 365 users.

Microsoft Seizes Six Domains!

Domains seized by Microsoft

Microsoft has seized six domains that had been used to target the company’s customers since December 2019. The two-person operation sent emails to companies that hosted their email servers and enterprise infrastructure on Microsoft’s Office 365 cloud service.

Microsoft said that it suspects at least two people are behind this phishing activity. The company noticed that the initial attacks on organizations used business-related lures, but once the coronavirus outbreak became a pandemic, the emails switched to coronavirus-themed documents.

As of now, the domains have been seized, and Microsoft has taken control of them after a court authorized the action. All of the domains were bought from Namecheap and were hosted in the United States of America. The sites now show a blank page rather than downloading malware to the user’s computer.

The emails were spoofed to look like they were sent from a trusted business partner or an office colleague. What made them unusual was that they directed victims to install a malicious third-party Office 365 app created by the attackers.

Malicious Application Requesting Permissions

Once installed, the malicious application gave the attackers full access to the victim’s Office 365 account: its settings, the user’s files, the content of their emails, contact lists, notes, and more. Instead of the passwords that attackers usually steal, the app obtained the account’s OAuth2 token.
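The consent-based access described above leaves a trace when a user grants an app permissions, so one defensive check is to review consent events for broad data scopes plus a refresh token. The following is an added example, not code from the article or from Microsoft: the scope names are real Microsoft Graph permission names, but the event record layout, the scoring rules and the sample events are constructed assumptions.

```python
# Added example: flag OAuth app consent grants that give an app the kind of
# mailbox, file, contact and notes access the article describes.
# Event records are a constructed, simplified form of "Consent to application"
# audit entries; real entries carry more fields.

HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",      # email content
    "Files.Read.All", "Files.ReadWrite.All",         # user files
    "Contacts.Read", "Contacts.ReadWrite",           # contact lists
    "Notes.Read.All", "Notes.ReadWrite.All",         # notes
    "MailboxSettings.ReadWrite",                     # account settings
}
# offline_access yields a refresh token, so access persists without a password.
PERSISTENCE_SCOPE = "offline_access"


def risk_score(event):
    """Return (score, reasons) for one consent event dict."""
    scopes = set(event.get("scopes", []))
    reasons = []
    risky = sorted(scopes & HIGH_RISK_SCOPES)
    if risky:
        reasons.append("broad data access: " + ", ".join(risky))
    if PERSISTENCE_SCOPE in scopes:
        reasons.append("refresh token via offline_access")
    if not event.get("publisher_verified", False):
        reasons.append("publisher not verified")
    if event.get("consent_type") == "user":
        reasons.append("granted by end user, not an admin")
    return len(reasons), reasons


def flag_risky_consents(events, threshold=3):
    """Return flagged events (score >= threshold), highest score first."""
    hits = []
    for e in events:
        score, reasons = risk_score(e)
        if score >= threshold:
            hits.append({"app": e["app_display_name"], "user": e["user"],
                         "score": score, "reasons": reasons})
    return sorted(hits, key=lambda h: -h["score"])


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"app_display_name": "Q1 Invoice Viewer", "user": "cfo@example.com",
     "publisher_verified": False, "consent_type": "user",
     "scopes": ["User.Read", "Mail.ReadWrite", "Files.ReadWrite.All",
                "Contacts.Read", "offline_access"]},
    {"app_display_name": "Corporate Expense Tool", "user": "staff@example.com",
     "publisher_verified": True, "consent_type": "admin",
     "scopes": ["User.Read", "Mail.Read", "offline_access"]},
    {"app_display_name": "Calendar Widget", "user": "staff@example.com",
     "publisher_verified": True, "consent_type": "user",
     "scopes": ["User.Read", "Calendars.Read"]},
]
```

Only the unverified, user-consented app with mailbox, file and contact scopes plus offline_access crosses the threshold; the admin-approved, verified app does not.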

Tom Burt, Corporate Vice President, Customer Security & Trust at Microsoft, said that the malicious applications were used to carry out BEC attacks. Business Email Compromise (BEC) attacks are those in which attackers send emails to businesses posing as staff, senior management, or trusted business associates, asking victims to make financial transactions that usually end up in the attacker’s bank accounts.
