Threat actors are using new phishing attacks involving compromised Microsoft 365 accounts and encrypted restricted permission message (RPMSG) files to stealthily exfiltrate Microsoft credentials, according to BleepingComputer.
Trustwave researchers discovered that Talus Pay's compromised Microsoft 365 account had been used to deliver phishing emails with an encrypted message that lures targets into clicking the "Read the Message" button, which then redirects to an Office 365 webpage requesting their credentials.
After authentication, the phishing email is displayed and redirects to a fraudulent SharePoint document, which eventually results in the deployment of a malicious script. The script can gather system data, including visitor IDs, system language, video card renderer information, connect token and hash, browser window details, device memory, installed browser plugins, OS architecture, and hardware concurrency, which are then sent to the threat actors' servers.
Organizations have been urged to implement multi-factor authentication and bolster user education efforts to avoid such a compromise.
Microsoft credentials targeted in new phishing attacks with RPMSG files