Graph: Growing number of threats leveraging Microsoft API


An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services.

The technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes.

Read more…
Source: Symantec


Sign up for our Newsletter


Related:

  • ‘Crazy bad’ bug in Microsoft’s Windows malware scanner can be used to install malware

    May 9, 2017

    Miscreants can turn the tables on Microsoft and use its own antivirus engine against Windows users – by abusing it to install malware on vulnerable machines. A particularly nasty security flaw exists in Redmond’s anti-malware software, which is packaged and marketed in various forms: Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center ...

  • Microsoft says: Lock down your software supply chain before the malware scum get in

    May 5, 2017

    Microsoft’s security team is urging developers to shore up their software update systems – after catching miscreants hijacking an editing application’s download channels to inject malware into victims’ PCs. In a security advisory, Redmond’s infosec gurus describe Operation WilySupply: their mission to find, isolate and destroy an unusual and highly targeted form of malicious code that ...

  • ShadowBrokers’ Windows Zero-Days Already Patched

    April 17, 2017

    Hours after what was thought to be a damaging release of NSA hacking tools for Windows systems, Microsoft quelled some anxiety with a late-night statement on Friday that most of the vulnerabilities disclosed by the ShadowBrokers had already been patched. The biggest surprise was that the most recent updates came in March in a bulletin, MS17-010, ...

  • Dridex Campaigns Hitting Millions of Recipients Using Unpatched Microsoft Zero-Day

    April 10, 2017

    This weekend saw multiple reports of a new zero-day vulnerability that affected all versions of Microsoft Word. Today, Proofpoint researchers observed the document exploit being used in a large email campaign distributing the Dridex banking Trojan. This campaign was sent to millions of recipients across numerous organizations primarily in Australia. This represents a significant level of ...

  • Credit card details and passwords of MILLIONS of users have been leaked online by Microsoft’s Docs.com

    March 28, 2017

    Credit card details, passwords and social security numbers are just some of the highly sensitive documents leaked by an online sharing site. Computer security researchers have revealed that Microsoft’s Docs.com is automatically sharing data – which users believed they were distributing privately among colleagues – with the public. Anyone using the site’s search engine can access this ...