New Malware Exploiting Outlook As a Communication Channel via The Microsoft Graph API

To protect against sophisticated malware threats like FINALDRAFT, organizations should regularly monitor Microsoft Graph API usage for any suspicious activity and implement stringent access controls, restricting access to Outlook and the API to only necessary personnel. The use of the Microsoft Graph API for C2 communications shows the critical need for enhanced security measures to protect against such sophisticated threats. Deploying advanced endpoint security solutions can help detect and prevent malware execution, while conducting regular security audits ensures potential vulnerabilities are identified and addressed. The malware obtains a Microsoft Graph API token using a refresh token stored in its configuration. A new family of malware has been discovered that leverages Microsoft Outlook as a communication channel via the Microsoft Graph API. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. It uses the Microsoft Graph API to communicate with its command and control (C2) server. This sophisticated malware includes a custom loader and backdoor, known as PATHLOADER and FINALDRAFT, respectively. Tushar is a Cyber security content editor with a passion for creating captivating and informative content.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 13 Feb 2025 10:25:21 +0000

Cyber News related to New Malware Exploiting Outlook As a Communication Channel via The Microsoft Graph API

Introducing ThreatCloud Graph: A Multi-Dimensional Perspective on Cyber Security - In the face of complex and sophisticated cyber threats, enterprises struggle to stay ahead. Addressing this core challenge, Check Point introduces ThreatCloud Graph, focused on proactive prevention of emerging threats. This groundbreaking feature ...
1 year ago Blog.checkpoint.com

Microsoft says button to restore classic Outlook is broken - Since the beginning of the year, it has addressed other Outlook issues, including one that causes classic Outlook to crash when writing, replying to, or forwarding an email, and another one that led to Classic Outlook and Microsoft 365 applications ...
8 months ago Bleepingcomputer.com

New Malware Exploiting Outlook As a Communication Channel via The Microsoft Graph API - To protect against sophisticated malware threats like FINALDRAFT, organizations should regularly monitor Microsoft Graph API usage for any suspicious activity and implement stringent access controls, restricting access to Outlook and the API to only ...
9 months ago Cybersecuritynews.com

Microsoft fixes Outlook Desktop crashes when sending emails - Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts. These problems were first reported on Microsoft's community website and other social networks by customers saying they were ...
1 year ago Bleepingcomputer.com

Iran-Linked 'OilRig' Cyberattackers Target Israel's Critical Infrastructure, Over & Over - Prolific Iranian advanced persistent threat group OilRig has repeatedly targeted several Israeli organizations throughout 2022 in cyberattacks that were notable for leveraging a series of custom downloaders that use legitimate Microsoft cloud ...
1 year ago Darkreading.com OilRig

Microsoft: Outlook clients not syncing over Exchange ActiveSync - Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update. Exchange ActiveSync is an Exchange synchronization protocol using HTTP and XML to let users ...
1 year ago Bleepingcomputer.com

Defining Good: A Strategic Approach to API Risk Reduction - A good API security strategy starts with a well thought out API security posture governance program that spans from design to deployment. That standard, if communicated and enforced effectively, will not only positively affect how a developer designs ...
1 year ago Securityboulevard.com

Microsoft fixes button that restores classic Outlook client - Since the start of the year, it has fixed other Outlook issues, including one that led to Classic Outlook and Microsoft 365 applications crashing on Windows Server 2016 or Windows Server 2019 systems and another one that triggers classic Outlook ...
8 months ago Bleepingcomputer.com

Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com

Akamai discloses zero-click exploit for Microsoft Outlook - While examining a previous bypass mitigation, Akamai Technologies discovered two new Windows vulnerabilities that could allow an attacker to create a zero-click exploit against Microsoft Outlook clients. In a two-part report published Monday, Akamai ...
1 year ago Techtarget.com CVE-2023-35384 CVE-2023-36710 CVE-2023-23397 CVE-2023-29324

New FinalDraft malware abuses Outlook mail service for stealthy comms - A new malware called FinalDraft has been using Outlook email drafts for command-and-control communication in attacks against a ministry in a South American country. The attack begins with the threat actor compromising the targer's system with ...
9 months ago Bleepingcomputer.com

Microsoft fixes connection issue affecting Outlook email apps - Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts. More details on how to use app passwords with apps without two-step verification support can be found in this support ...
1 year ago Bleepingcomputer.com

Microsoft Outlook December updates trigger ICS security alerts - Microsoft is investigating an issue that triggers Outlook security alerts when trying to open. ICS calendar files after installing December 2023 Patch Tuesday Office security updates. The company also revealed that the security warning will be ...
1 year ago Bleepingcomputer.com CVE-2023-35636

Microsoft warns of CPU spikes when typing in classic Outlook - In recent months, the company also addressed a slew of other Microsoft 365 and Office issues, including a widespread licensing issue blocking access to Microsoft 365 services for some customers with Family subscriptions and a bug triggering Outlook ...
7 months ago Bleepingcomputer.com

Salt Security Delivers API Posture Governance Engine - PRESS RELEASE. PALO ALTO, Calif., Jan. 17, 2024 /PRNewswire/ - Salt Security, the leading API security company, today announced multiple advancements in discovery, posture management and AI-based threat protection to the industry leading Salt ...
1 year ago Darkreading.com

PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
1 year ago Securityintelligence.com

Microsoft Might Be Sharing Your Outlook Emails Without Your Knowledge - Microsoft's data collection practices are under scrutiny, as a recent report suggests the Outlook for Windows app might be sharing more user information than expected. With this app now default on Windows 11, the impact could be widespread. ...
1 year ago Cysecurity.news

Microsoft: Outlook email sending issues for users with lots of folders - Microsoft has acknowledged a new issue affecting Outlook for Microsoft 365 users and causing email-sending problems for those with too many nested folders. According to Redmond, this is likely related to an older issue concerning mailboxes with more ...
1 year ago Bleepingcomputer.com

Microsoft fixes Outlook drag-and-drop broken by Windows updates - "After installing the January 2025 Windows non-security preview update and subsequent updates on devices running Windows 11, version 24H2, you may find that you are not able to drag and drop emails or calendar items to folders in classic Outlook," ...
9 months ago Bleepingcomputer.com

Imperva Named an Overall Leader in the KuppingerCole Leadership Compass: API Security and Management Report - We're thrilled to share that Imperva has achieved the prestigious status of Overall Leader in the KuppingerCole Leadership Compass: API Security and Management report. A notable achievement is being recognized as one of the few non-gateway-first ...
1 year ago Imperva.com

That time I broke into an API and became a billionaire - This included an internal API with a dependency on a third-party banking API. We'll get to the banking API later in this story. That's all thanks to developers embracing agile development, microservices, and API gateway redirection that exposed ...
1 year ago Securityboulevard.com

CVE-2019-1205 - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security ...
1 year ago

CVE-2019-1201 - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security ...
1 year ago

Strela Stealer Malware Attacking Microsoft Outlook Users To Steal Login Credentials - The Strela Stealer, named after the Russian word for “Arrow,” has been actively targeting systems since late 2022, with a precise focus on exfiltrating email credentials from both Microsoft Outlook and Mozilla Thunderbird email clients. ...
8 months ago Cybersecuritynews.com

Top 10 Best Dynamic Malware Analysis Tools in 2025 - FireEye Malware AnalysisEnterprise-grade solution, zero-day detection, integration with threat intelligence, memory forensics.Enterprise-grade malware detection and forensicsPricing details not publicly available; contact for quote.Yes6. Detux ...
9 months ago Cybersecuritynews.com