New Malware Exploiting Outlook As a Communication Channel via The Microsoft Graph API

To protect against sophisticated malware threats like FINALDRAFT, organizations should regularly monitor Microsoft Graph API usage for any suspicious activity and implement stringent access controls, restricting access to Outlook and the API to only necessary personnel. The use of the Microsoft Graph API for C2 communications shows the critical need for enhanced security measures to protect against such sophisticated threats. Deploying advanced endpoint security solutions can help detect and prevent malware execution, while conducting regular security audits ensures potential vulnerabilities are identified and addressed. The malware obtains a Microsoft Graph API token using a refresh token stored in its configuration. A new family of malware has been discovered that leverages Microsoft Outlook as a communication channel via the Microsoft Graph API. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. It uses the Microsoft Graph API to communicate with its command and control (C2) server. This sophisticated malware includes a custom loader and backdoor, known as PATHLOADER and FINALDRAFT, respectively. Tushar is a Cyber security content editor with a passion for creating captivating and informative content.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 13 Feb 2025 10:25:21 +0000

Cyber News related to New Malware Exploiting Outlook As a Communication Channel via The Microsoft Graph API

Introducing ThreatCloud Graph: A Multi-Dimensional Perspective on Cyber Security - In the face of complex and sophisticated cyber threats, enterprises struggle to stay ahead. Addressing this core challenge, Check Point introduces ThreatCloud Graph, focused on proactive prevention of emerging threats. This groundbreaking feature ...
1 year ago Blog.checkpoint.com

Microsoft says button to restore classic Outlook is broken - Since the beginning of the year, it has addressed other Outlook issues, including one that causes classic Outlook to crash when writing, replying to, or forwarding an email, and another one that led to Classic Outlook and Microsoft 365 applications ...
3 days ago Bleepingcomputer.com

New Malware Exploiting Outlook As a Communication Channel via The Microsoft Graph API - To protect against sophisticated malware threats like FINALDRAFT, organizations should regularly monitor Microsoft Graph API usage for any suspicious activity and implement stringent access controls, restricting access to Outlook and the API to only ...
1 month ago Cybersecuritynews.com

Iran-Linked 'OilRig' Cyberattackers Target Israel's Critical Infrastructure, Over & Over - Prolific Iranian advanced persistent threat group OilRig has repeatedly targeted several Israeli organizations throughout 2022 in cyberattacks that were notable for leveraging a series of custom downloaders that use legitimate Microsoft cloud ...
1 year ago Darkreading.com OilRig

Microsoft fixes Outlook Desktop crashes when sending emails - Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts. These problems were first reported on Microsoft's community website and other social networks by customers saying they were ...
1 year ago Bleepingcomputer.com

Microsoft: Outlook clients not syncing over Exchange ActiveSync - Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update. Exchange ActiveSync is an Exchange synchronization protocol using HTTP and XML to let users ...
1 year ago Bleepingcomputer.com

Defining Good: A Strategic Approach to API Risk Reduction - A good API security strategy starts with a well thought out API security posture governance program that spans from design to deployment. That standard, if communicated and enforced effectively, will not only positively affect how a developer designs ...
1 year ago Securityboulevard.com

New FinalDraft malware abuses Outlook mail service for stealthy comms - A new malware called FinalDraft has been using Outlook email drafts for command-and-control communication in attacks against a ministry in a South American country. The attack begins with the threat actor compromising the targer's system with ...
1 month ago Bleepingcomputer.com

Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com

Akamai discloses zero-click exploit for Microsoft Outlook - While examining a previous bypass mitigation, Akamai Technologies discovered two new Windows vulnerabilities that could allow an attacker to create a zero-click exploit against Microsoft Outlook clients. In a two-part report published Monday, Akamai ...
1 year ago Techtarget.com CVE-2023-35384 CVE-2023-36710 CVE-2023-23397 CVE-2023-29324

PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
1 year ago Securityintelligence.com

Top 10 Best Dynamic Malware Analysis Tools in 2025 - FireEye Malware AnalysisEnterprise-grade solution, zero-day detection, integration with threat intelligence, memory forensics.Enterprise-grade malware detection and forensicsPricing details not publicly available; contact for quote.Yes6. Detux ...
2 weeks ago Cybersecuritynews.com

Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
8 months ago Pandasecurity.com

Microsoft fixes connection issue affecting Outlook email apps - Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts. More details on how to use app passwords with apps without two-step verification support can be found in this support ...
1 year ago Bleepingcomputer.com

Microsoft Outlook December updates trigger ICS security alerts - Microsoft is investigating an issue that triggers Outlook security alerts when trying to open. ICS calendar files after installing December 2023 Patch Tuesday Office security updates. The company also revealed that the security warning will be ...
1 year ago Bleepingcomputer.com CVE-2023-35636

Salt Security Delivers API Posture Governance Engine - PRESS RELEASE. PALO ALTO, Calif., Jan. 17, 2024 /PRNewswire/ - Salt Security, the leading API security company, today announced multiple advancements in discovery, posture management and AI-based threat protection to the industry leading Salt ...
1 year ago Darkreading.com

How to Remove Malware + Viruses - Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC ...
11 months ago Pandasecurity.com

Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
10 months ago Cybersecurity-insiders.com