A permission request from “Adobe Drive X”, a custom Microsoft 365 application controlled by the threat actor | Source: Cofense
Cofense’s Phishing Defense Center (PDC) has uncovered a phishing campaign that uses a legitimate Microsoft login page to trick users into granting access to a malicious “Adobe Drive X” application. This application then redirects victims to a fake Microsoft login page designed to steal their credentials.
The attack starts with a phishing email disguised as an Office 365 password reset request. Its link points to a genuine Microsoft authentication page, which makes the lure more convincing. After the user signs in on that legitimate page, Microsoft's own application-consent screen asks them to grant permissions to a custom Microsoft 365 application called “Adobe Drive X”.
The consent prompt is the core of the scheme. Because it is rendered by Microsoft and carries an Adobe-flavoured name, it borrows the trust users place in both companies. The application asks only for the user’s email address and basic profile information, the same low-privilege scopes a harmless app would request, so nothing in the prompt looks alarming. The consent itself yields the attacker little; its purpose is the redirect that follows.
If the user accepts, the application’s redirect sends them to a credential-harvesting page that mimics the Microsoft login form. The page is not hosted on a Microsoft domain, but a user who has just authenticated on the genuine page has little reason to expect a second prompt to be fake and may never check the address bar.
“The threat actor likely placed this credential phishing attempt after a legitimate Microsoft 365 login page to catch users off guard,” Cofense explains in their report. “Less vigilant users might not verify the URL for the second login page and become victims of the credential phishing attack.”
Users should always scrutinize URLs, be wary of granting permissions to unknown applications, and report any suspicious activity. A genuine first login page says nothing about what follows it, so a second sign-in prompt deserves the same scrutiny as the first. On the tenant side, administrators can restrict or disable user consent for unverified applications and review consent events in the audit log, which removes the user from the decision entirely.
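The chain above leaves two artefacts a defender can act on: a “Consent to application” event in the Entra ID audit log, and a reply URL that dresses up as a Microsoft sign-in page while living elsewhere. The following Python is an added example, not code from Cofense’s report or any Microsoft tooling. It triages constructed, simplified audit records (the field names scopes, replyUrls and verifiedPublisher, the approved-app list and the host allowlist are all assumptions for the demo) and includes the URL check a user or analyst would apply to that second login page, rejecting the usual lookalike tricks (host prefixes, userinfo before an @, plain HTTP).

```python
"""Triage Entra ID "Consent to application" audit events for consent-phishing signs.

Added example; not from the Cofense report or any Microsoft tool. The audit
records below are constructed and simplified. Real Entra ID directoryAudits
entries carry more fields, and the names used here (scopes, replyUrls,
verifiedPublisher) are assumptions for the demo.
"""
import json
from urllib.parse import urlsplit

# Hosts Microsoft itself uses for interactive sign-in (assumed allowlist).
MICROSOFT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.live.com"}

# Brand words that lookalike apps borrow for their display names.
IMPERSONATED_BRANDS = ("adobe", "microsoft", "office", "sharepoint", "onedrive")

# Words in a reply URL that suggest it is styled as a Microsoft sign-in page.
LOGIN_LOOKALIKE_WORDS = ("microsoft", "office", "login", "signin")

# App IDs the tenant has reviewed and approved (constructed for the demo).
APPROVED_APP_IDS = {"0a1b2c3d-0000-4000-8000-00000000beef"}

# Constructed sample audit log: one lookalike app, one reviewed app, one unrelated event.
SAMPLE_AUDIT_LOG = json.dumps([
    {
        "activityDisplayName": "Consent to application",
        "initiatedBy": {"user": {"userPrincipalName": "alice@contoso.example"}},
        "targetResources": [{
            "displayName": "Adobe Drive X",
            "appId": "9f1d4e2a-0000-4000-8000-000000000bad",
            "verifiedPublisher": None,
            "scopes": ["openid", "email", "profile"],
            "replyUrls": ["https://adobe-drive-x.example/microsoft-login"],
        }],
    },
    {
        "activityDisplayName": "Consent to application",
        "initiatedBy": {"user": {"userPrincipalName": "bob@contoso.example"}},
        "targetResources": [{
            "displayName": "Contoso Expense Tracker",
            "appId": "0a1b2c3d-0000-4000-8000-00000000beef",
            "verifiedPublisher": {"displayName": "Contoso IT"},
            "scopes": ["openid", "User.Read"],
            "replyUrls": ["https://expenses.contoso.example/auth/callback"],
        }],
    },
    {
        "activityDisplayName": "Update user",
        "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.example"}},
        "targetResources": [{"displayName": "carol@contoso.example"}],
    },
])


def is_microsoft_login_url(url: str) -> bool:
    """True only if url is HTTPS and its host is exactly a Microsoft sign-in host.

    urlsplit().hostname discards userinfo ("login.microsoftonline.com@evil...")
    and the port, and the whole-hostname comparison rejects prefixes such as
    "login.microsoftonline.com.evil.example".
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    return parts.scheme == "https" and host in MICROSOFT_LOGIN_HOSTS


def app_risk_reasons(target: dict) -> list[str]:
    """Explain why one consented-to application looks like consent phishing."""
    name = target.get("displayName", "")
    reasons = []
    if target.get("appId") not in APPROVED_APP_IDS:
        reasons.append("not on the tenant's approved-app list")
    if not target.get("verifiedPublisher"):
        reasons.append("no verified publisher")
    brands = [b for b in IMPERSONATED_BRANDS if b in name.lower()]
    if brands:
        reasons.append(f"display name borrows brand word(s) {brands}")
    # The reply URL is where the user lands after consenting. One that is
    # styled as a Microsoft login but sits off-Microsoft is the second-stage page.
    for reply in target.get("replyUrls", []):
        lowered = reply.lower()
        if any(w in lowered for w in LOGIN_LOOKALIKE_WORDS) and not is_microsoft_login_url(reply):
            reasons.append(f"reply URL {reply} imitates Microsoft sign-in on a non-Microsoft host")
    return reasons


def triage_consent_log(raw_json: str) -> dict[str, dict]:
    """Map each risky app (by display name) to the users who consented and the reasons."""
    findings: dict[str, dict] = {}
    for event in json.loads(raw_json):
        if event.get("activityDisplayName") != "Consent to application":
            continue
        user = event.get("initiatedBy", {}).get("user", {}).get("userPrincipalName", "?")
        for target in event.get("targetResources", []):
            reasons = app_risk_reasons(target)
            if reasons:
                entry = findings.setdefault(target.get("displayName", "?"), {"users": [], "reasons": []})
                entry["users"].append(user)
                entry["reasons"] = reasons
    return findings


if __name__ == "__main__":
    print(json.dumps(triage_consent_log(SAMPLE_AUDIT_LOG), indent=2))
```

Run against the embedded sample, only “Adobe Drive X” is reported, with four reasons; the reviewed line-of-business app and the unrelated event produce nothing. In a real tenant the events would come from the Graph directoryAudits endpoint or a SIEM export, and the approved-app list and allowlist would be the tenant’s own.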