Vade, a provider of email security and threat detection services, has released a report on a recently discovered phishing attack that involves the spoofing of the Microsoft 365 authentication system.

According to Vade’s Threat Intelligence and Response Center (TIRC), the attack email includes a harmful HTML attachment with JavaScript code. This code is designed to gather the recipient’s email address and modify the page using data from a callback function’s variable.

TIRC researchers decoded the base64-encoded string when analyzing a malicious domain and obtained results related to Microsoft 365 phishing attacks. Researchers noted that requests for phishing applications were made to eevilcorponline.

Its source code, found via periodic-checkerglitchme, was similar to the attachment’s HTML file, indicating that phishers are leveraging to host malicious HTML pages. is a platform that enables users to create and host web applications, websites, and various online projects. Unfortunately, in this instance, the platform is being exploited to host domains involved in the ongoing Microsoft 365 phishing scam.

The attack begins when the victim receives an email containing a malicious HTML file as an attachment. When the victim opens the file, a phishing page masquerading as Microsoft 365 is launched in their web browser. On this deceptive page, the victim is prompted to enter their credentials, which the attackers promptly gather for malicious purposes.