Analysis of a JavaScript-based Phishing Campaign Targeting Microsoft 365 Credentials
A sophisticated JavaScript-based credential harvesting campaign has been discovered, utilizing fake voicemail notifications to capture Microsoft 365 credentials. The attackers employ HTML smuggling, obfuscation, and encryption techniques to evade detection. The phishing emails contain PDF attachments with QR codes and HTM files with embedded JavaScript. The malicious code uses base64 encoding, CryptoJS for encryption, and dynamic URL generation to redirect victims to a fake Microsoft 365 login page. The campaign involves multiple stages, including CAPTCHA and media player mimicry, to increase legitimacy. This evolving threat poses significant challenges for automated detection and analysis systems.
Pulse ID: 67c76948c1381d8741fff9f8
Pulse Link: https://otx.alienvault.com/pulse/67c76948c1381d8741fff9f8
Pulse Author: AlienVault
Created: 2025-03-04 20:57:44
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
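A static triage check for HTM attachments showing the traits the summary lists (base64 decoding, CryptoJS use, a redirect URL built at run time), added here as an example and not taken from the pulse or the underlying report. The regex heuristics, function names and both sample pages are assumptions constructed for illustration; none of the values are indicators from the campaign.

```python
import base64
import re

# Heuristic patterns for the traits named in the summary (assumed, not IoCs from the report).
INDICATORS = {
    "base64_decode": re.compile(r"\batob\s*\("),
    "cryptojs": re.compile(r"\bCryptoJS\.(?:AES|enc|mode|pad)\b"),
    "runtime_eval": re.compile(r"\b(?:eval|Function)\s*\(|\bdocument\.write\s*\("),
    # location set from a variable or expression rather than a string literal
    "dynamic_redirect": re.compile(
        r"\blocation(?:\.href)?\s*=(?!=)\s*(?![\"'\s])"
        r"|\blocation\.(?:replace|assign)\s*\(\s*(?![\"'\s])"),
}
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)

def decode_layer(blob):
    """Return the decoded text if blob is base64 of mostly printable text, else None."""
    blob = blob.rstrip("=")
    try:
        text = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True).decode("utf-8")
    except ValueError:  # bad padding/alphabet, or bytes that are not UTF-8 (e.g. ciphertext)
        return None
    printable = sum(c.isprintable() or c in "\r\n\t" for c in text)
    return text if text and printable / len(text) > 0.9 else None

def scan_js(js, depth=2):
    """Collect indicator names in js, following up to `depth` nested base64 layers."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(js)}
    if depth > 0:
        for blob in B64_BLOB.findall(js):
            inner = decode_layer(blob)
            if inner is not None:
                hits |= {"encoded_layer"} | scan_js(inner, depth - 1)
    return hits

def triage_attachment(html):
    """Flag an HTM attachment whose inline script decodes content and then runs or redirects."""
    hits = set()
    for body in SCRIPT.findall(html):
        hits |= scan_js(body)
    decodes = hits & {"base64_decode", "cryptojs", "encoded_layer"}
    acts = hits & {"dynamic_redirect", "runtime_eval"}
    return {"indicators": sorted(hits), "suspicious": bool(decodes and acts)}

# Constructed samples: a lure-shaped page with a base64-wrapped redirect, and a benign page.
_inner = 'var u = "https://" + sub + ".example.invalid/" + tok; window.location.href = u;'
SAMPLE_LURE = ('<html><body><p>New voicemail</p><script>var k = CryptoJS.enc.Utf8.parse("0000");'
               'eval(atob("' + base64.b64encode(_inner.encode()).decode() + '"));</script></body></html>')
SAMPLE_BENIGN = '<html><script>document.title = "Msg"; window.location.href = "/help";</script></html>'
```

Content encrypted with CryptoJS decodes to ciphertext and is not followed as a layer, so treat a `cryptojs` hit combined with `runtime_eval` as a reason to detonate the file in a sandbox.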