Azure Static Web Apps exploited for credential exfiltration

Malicious actors have launched phishing attacks exploiting Microsoft Azure's Static Web Apps service to exfiltrate Microsoft, Outlook, Office365, and OneDrive account credentials, according to BleepingComputer. Attackers have used the Azure Static Web Apps platform to create fake landing pages and login forms resembling official Microsoft pages, said MalwareHunterTeam. MalwareHunterTeam noted that the *.1.azurestaticapps.net wildcard TLS certificate enables all landing pages to obtain their own secure page padlock in the address bar, potentially deceiving even the most suspicious targets. Such detail in the landing pages also enables threat actors to target users of Yahoo, AOL, Rackspace, and other email providers. While users could identify phishing campaigns by checking the URL of the pages they visit, such advice is nearly worthless under the new phishing scheme. The new phishing campaign follows the prior use of Microsoft Azure Blob Storage's *.blob.core.windows.net wildcard certificate to target users of Outlook and Office 365, BleepingComputer reports.