Vade, a provider of email security and threat detection services, has released a report on a recently discovered phishing attack that involves the spoofing of the Microsoft 365 authentication system.
According to Vade’s Threat Intelligence and Response Center (TIRC), the attack email includes a harmful HTML attachment with JavaScript code. This code is designed to gather the recipient’s email address and modify the page using data from a callback function’s variable.
TIRC researchers decoded the base64-encoded string when analyzing a malicious domain and obtained results related to Microsoft 365 phishing attacks. Researchers noted that requests for phishing applications were made to eevilcorponline.