813-999-0631 info@tetratos.com
Microsoft Tech Support Scams Invade Azure Cloud Services

May 16, 2019

Tech support scams have always been a problem, but they typically were located on small web hosting services throughout the world. Researchers have now observed these scams increasingly moving towards the Microsoft Azure cloud platform for ease of deployment and inexpensive web hosting.

Microsoft Azure has a feature called App Services that allows you to quickly and easily mass deploy web sites to the cloud. When a web site is deployed in Azure, they will be hosted on the azurewebsites.net domain using names like my-app-name.azurewebsites.net.

When these sites were found, JayTHL has been reporting them to Microsoft using their abuse API. Unfortunately, due to the overwhelming amount of abuse reports Microsoft receives, these links can stay active for 4-5 days before Microsoft shuts them down.

This gives the scammers plenty of times to create new Azure accounts and mass deploy another batch of web sites to display tech support scams.

Mostly Apple and Microsoft tech support scams

When BleepingComputer examined some of the URLs shared by MalwareHunterTeam with us, we saw that all of these scams were pretending to be support sites for Microsoft and Apple.

When users visit these sites, JavaScript will check if the browser is on Windows or a macOS based on the browser’s useragent string. If the browser’s useragent contains the string ‘Mac’ it will redirect the user to a Mac tech support scam, otherwise it will display a Windows one.

One of the advantages of using Azure to host your site is that every web site is secured using a SSL certificate from Microsoft. This can make some users think that they are on a legitimate site owned and operated by Microsoft.

Many of these scam sites also utilize techniques to lock up the browser or prevent you from leaving the site. Therefore, to close these scams you typically have to close the tab, and if not possible, the browser process itself.

Phishing too

In addition to tech support scams, phishing sites are moving to Azure cloud services as well. As you can see below, a fake Microsoft account login screen is being hosted on azurewebsites.net.

Azure App Services is not the only Azure service being used to host phishing scams. Scammers are also utilizing Azure Blob Storage to store their phishing scams.

Sites hosted on blob storage will utilize the hostname .blob.core.windows.net and also take advantage of a Microsoft SSL certificate.

Related Articles

New Microsoft Excel Attack Surfaces

New Microsoft Excel Attack SurfacesResearchers have identified a security hole in Microsoft Office’s Excel spreadsheet program that allows an attacker to trigger a malware attack on remote systems. A feature in Microsoft Office’s Excel spreadsheet program called Power...

Malicious URL attacks using HTTPS surge across the enterprise

Malicious URL attacks using HTTPS surge across the enterpriseCyberattacks launched against the enterprise which makes use of the HTTPS protocol are increasing alongside spoofing and cloud-based threats, new research suggests. According to FireEye's Q1 2019 Email...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter

Get weekly tech updates and immediate alerts when there is a zero-day or security issue!

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

Pin It on Pinterest

Share This