Date: 2007-04-22

Phishing attacks are abusing Microsoft Azure's Static Web Apps service to steal Microsoft, Office 365, Outlook, and OneDrive credentials.

Azure Static Web Apps is a Microsoft service that helps build and deploy full-stack web apps to Azure from GitHub or Azure DevOps code repositories.

It allows developers to use custom domains for branding web apps, and it provides web hosting for static content such as HTML, CSS, JavaScript, and images.

As security researcher MalwareHunterTeam discovered, threat actors have also noticed that the custom branding and web hosting features can easily be used to host static phishing landing pages.

Attackers are now using Microsoft's service against its own customers, targeting users with Microsoft, Office 365, Outlook, and OneDrive accounts.

As shown below, some of the landing pages and login forms used in these phishing campaigns look almost exactly like official Microsoft pages.