Microsoft Visio files used to carry out dangerous phishing attacks

Crooks are embedding malicious links in Microsoft Visio files
The files are distributed via compromised email accounts
The goal of the campaign is to steal Microsoft 365 login credentials

Security researchers from Perception Point have spotted a new two-step phishing campaign aiming to steal people’s Microsoft 365 login credentials. It includes compromised email accounts, compromised SharePoint accounts, and some convincing – but fake – purchase orders.

The attack starts with a hacked Microsoft SharePoint account, where the criminals would upload a file using Microsoft Visio – the company’s tool for making professional diagrams and charts, creating files with the .VSDX extension.

The crooks would embed a malicious URL in this file leading to a fake Microsoft 365 login page. Victims that make it this far usually try to log into their accounts, thus sharing the login credentials with the attackers.

Abusing people’s email accounts

Then, the attackers would compromise someone’s email account, and use it to distribute the phishing messages. Since these emails would be coming from otherwise legitimate sources, they are very likely to make it past any email security protections. The body of the message itself is your usual phishing content, sharing a fake purchase order, or something similar.

In some cases, the crooks would also share another email message as an attachment (.EMI files), all in an attempt to hide the malicious intent lurking in the SharePoint account. When it comes to obfuscations, the crooks added another layer in the Visio file itself – the call to action leading to the fake login page can only be clicked while holding the Control (CTRL) button on the keyboard.

“Asking for the Ctrl key press input relies on a simple interaction that a human user can perform, effectively bypassing automated systems that are not designed to replicate such behaviors,” Perception Point explained in its research.

We don’t know exactly how many companies were targeted, or fell victim to this attack, but the researchers claim they are in the hundreds, and are located all around the world.

https://cdn.mos.cms.futurecdn.net/CT482eMSRL8PagRtuBVYNd-1200-80.jpeg

Source link

I wasted my day on Bluesky Social and no, I’m not sorry

This devious new malware is going after macOS users with a whole barrel of tricks

The best Black Friday TV deal is still in stock at Best Buy – hurry before it sells out

Key Insights & How Enterprises Should Adapt

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

‘Heathers’ is still the best dark comedy about high school hell

Trump vs. Harris: How the election will affect EV adoption

Lumwana’s Super Pit Expansion Officially Launched By Investing.com

How Biden could use a 1947 law to suspend the dockworkers’ strike

Why your Roth IRA conversions could have ‘unintended’ tax consequences

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Microsoft Visio files used to carry out dangerous phishing attacks

I wasted my day on Bluesky Social and no, I’m not sorry

This devious new malware is going after macOS users with a whole barrel of tricks

The best Black Friday TV deal is still in stock at Best Buy – hurry before it sells out

Key Insights & How Enterprises Should Adapt

Leave a reply Cancel reply