Microsoft Sway abused in massive QR code phishing campaign

Teilen:

​A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their credentials.

The attacks were spotted by Netskope Threat Labs in July 2024 after detecting a dramatic 2,000-fold increase in attacks exploiting Microsoft Sway to host phishing pages that steal Microsoft 365 credentials. This surge sharply contrasts the minimal activity reported during the year’s first half, showing the large scale of this campaign.

They primarily targeted users in Asia and North America, with the technology, manufacturing, and finance sectors being the most sought-after targets.

The emails redirected potential victims to phishing landing pages hosted on the sway.cloud.microsoft domain, pages that encouraged the targets to scan QR codes that would send them to other malicious websites.

Attackers often encourage victims to scan QR codes using their mobile devices, which typically come with weaker security measures, thus increasing the chances of bypassing security controls and allowing them to access phishing sites without restrictions.

“Since the URL is embedded inside an image, email scanners that can only scan text-based content can get bypassed. Additionally, when a user gets sent a QR code, they may use another device, such as their mobile phone, to scan the code,” the security researchers explained.

“Since the security measures implemented on mobile devices, particularly personal cell phones, are typically not as stringent as laptops and desktops, victims are then often more vulnerable to abuse.”

The attackers employed several tactics to further boost their campaign’s effectiveness, like transparent phishing, where they stole the credentials and multi-factor authentication codes and used them to sign the victims into their Microsoft accounts while showing them the legitimate login page.

They also used Cloudflare Turnstile, a tool intended to protect websites from bots, to hide their landing pages’ phishing content from static scanners, helping to maintain the phishing domain’s good reputation and avoid getting blocked by web filtering services like Google Safe Browsing.

Microsoft Sway was also abused in the PerSwaysion phishing campaign, which targeted Office 365 login credentials five years ago using a phishing kit offered in a malware-as-a-service (MaaS) operation.

As Group-IB security researchers revealed at the time, those attacks tricked at least 156 high-ranking individuals at small and medium financial services companies, law firms, and real estate groups.

Group-IB said that over 20 of all harvested Office 365 accounts belong to executives, presidents, and managing directors at organizations in the U.S., Canada, Germany, the U.K., the Netherlands, Hong Kong, and Singapore.

Sergiu Gatlan

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
1:18 am, Juli 4, 2025
Wetter-Symbol 17°C
L: 16° | H: 18°
aufgelockerte Bewölkung
Luftfeuchtigkeit: 54 %
Druck: 1028 mb
Wind: 3 mph NW
Windböe: 7 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 27%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 4:49 am
Sonnenuntergang: 9:19 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 10:00 pm
Wetter-Symbol
16° | 18°°C 0 mm 0% 13 mph 57 % 1028 mb 0 mm/h
Tomorrow 10:00 pm
Wetter-Symbol
15° | 17°°C 1 mm 100% 11 mph 94 % 1021 mb 0 mm/h
So. Juli 06 10:00 pm
Wetter-Symbol
15° | 19°°C 0.63 mm 63% 11 mph 91 % 1010 mb 0 mm/h
Mo. Juli 07 10:00 pm
Wetter-Symbol
13° | 19°°C 0.5 mm 50% 13 mph 73 % 1015 mb 0 mm/h
Di. Juli 08 10:00 pm
Wetter-Symbol
13° | 25°°C 0 mm 0% 10 mph 79 % 1020 mb 0 mm/h
Today 4:00 am
Wetter-Symbol
13° | 16°°C 0 mm 0% 5 mph 54 % 1028 mb 0 mm/h
Today 7:00 am
Wetter-Symbol
16° | 17°°C 0 mm 0% 4 mph 57 % 1028 mb 0 mm/h
Today 10:00 am
Wetter-Symbol
21° | 21°°C 0 mm 0% 6 mph 44 % 1028 mb 0 mm/h
Today 1:00 pm
Wetter-Symbol
25° | 25°°C 0 mm 0% 8 mph 30 % 1026 mb 0 mm/h
Today 4:00 pm
Wetter-Symbol
27° | 27°°C 0 mm 0% 12 mph 26 % 1023 mb 0 mm/h
Today 7:00 pm
Wetter-Symbol
24° | 24°°C 0 mm 0% 13 mph 26 % 1022 mb 0 mm/h
Today 10:00 pm
Wetter-Symbol
20° | 20°°C 0 mm 0% 10 mph 41 % 1022 mb 0 mm/h
Tomorrow 1:00 am
Wetter-Symbol
17° | 17°°C 0 mm 0% 10 mph 52 % 1021 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€93,150.94
0.59%
Ethereum(ETH)
€2,202.61
0.68%
Fesseln(USDT)
€0.85
-0.01%
XRP(XRP)
€1.92
1.01%
Solana(SOL)
€129.63
0.01%
USDC(USDC)
€0.85
0.01%
Dogecoin(DOGE)
€0.146249
1.67%
Shiba Inu(SHIB)
€0.000010
0.64%
Pepe(PEPE)
€0.000008
0.17%
Nach oben scrollen