Microsoft Azure's Static Web Apps service is being exploited by phishing attacks to acquire Microsoft, Office 365, Outlook, and OneDrive passwords.
Azure Static Web Apps is a Microsoft tool that allows to build and deploy full-stack web apps to Azure using code via GitHub or Azure DevOps.
MalwareHunterTeam, a security expert, uncovered the campaign. Attackers might imitate custom branding and website hosting services to install static landing phishing sites, according to the study.
Users using Microsoft, Office 365, Outlook, and OneDrive services are being targeted by attackers who are actively mimicking Microsoft services.
Several of the web pages and login pages in these phishing attempts are nearly identical to official Microsoft pages.
Azure Static Web Apps is a program that uses a code repository to build and publish full-stack apps to Azure.
Azure Static Apps has a process that is customized to a developer's everyday routine. Code changes are used to build and distribute apps.
Azure works exclusively with GitHub or Azure DevOps to watch a branch of their choice when users establish an Azure Static Web Apps resource. A build is automatically done, and your app and API are published to Azure every time they post patches or allow codes into the watched branch.
Targeting Microsoft users with the Azure Static Web App service is a great strategy. Because of the *.1.azurestaticapps.net wildcard TLS certificate, each landing page gets its own secure page padlock in the address bar.
After seeing the certificate granted by Microsoft Azure TLS Issuing CA 05 to *.1.azurestaticapps.net, even the most skeptical targets will be fooled, certifying a fraud site as an official Microsoft login screen in the eyes of potential victims.
Due to the artificial veil of security supplied by the legitimate Microsoft TLS certs, such landing sites are also useful when targeting users of other platforms, such as Rackspace, AOL, Yahoo, or other email providers.
When trying to figure out if one is being targeted by a phishing assault, the typical advice is to double-check the URL whenever we're asked to enter one's account credentials in a login.
Unfortunately, phishing efforts that target Azure Static Web Apps render this advice nearly useless, since many users will be fooled by azurestaticapps.net subdomain and genuine TLS certificate.