From thehackernews.com
Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse of legitimate cloud offerings for malicious purposes.
“By using legitimate cloud applications, attackers provide credibility to victims, helping them to trust the content it serves,” Netskope Threat Labs researcher Jan Michael Alcantara said.
“Additionally, a victim uses their Microsoft 365 account that they’re already logged-into when they open a Sway page, that can help persuade them about its legitimacy as well. Sway can also be shared through either a link (URL link or visual link) or embedded on a website using an iframe.”
The attacks have primarily singled out users in Asia and North America, with technology, manufacturing, and finance sectors being the most sought-after sectors.
Microsoft Sway is a cloud-based tool for creating newsletters, presentations, and documentation. It is part of the Microsoft 365 family of products since 2015.