Recently, Symantec's Threat Hunter Team released a report showing that a large number of hackers are abusing Microsoft's Graph API. The attackers build the API into trojan software so that affected devices automatically download malicious scripts stored on Microsoft OneDrive and other cloud services.
Security personnel said that since January 2022 they have observed many hacker organizations using this API to speed up the intrusion process. Recently, hackers used a trojan called "BirdyClient" with the Graph API embedded, disguised as a laptop touchpad driver DLL file, vxdiff.dll.
Security personnel pointed out that hackers use the Graph API because it lets them "hide" inside legitimate communication services: security software sees the device communicating with Microsoft servers, so the victim is not alerted to the intrusion. In addition, "OneDrive and other services are basically free", which makes them cheap and safe cloud hosting space for hackers.
To sum up, network security has become a factor that cannot be ignored. We need to stay vigilant at all times and take the necessary measures to protect our equipment and data from hackers.
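Because the destination is a Microsoft server, a defender has to look at which process makes the connection rather than where it goes. The following is an added example, not part of the original report: it assumes endpoint telemetry with `host`, `image` and `dest_host` fields, a hypothetical baseline of expected Graph clients, and constructed sample events, and it flags non-baseline processes that contact Graph on only a few hosts.

```python
import json
from collections import defaultdict

# Destination alone cannot separate benign from malicious Graph traffic,
# so the check pivots on which process made the connection.
GRAPH_HOSTS = {"graph.microsoft.com"}

# Assumed baseline: process images expected to call Graph in this environment.
EXPECTED_IMAGES = {
    r"c:\program files\microsoft onedrive\onedrive.exe",
    r"c:\program files\microsoft office\root\office16\outlook.exe",
}

# Constructed sample telemetry (one JSON object per line), not real data.
SAMPLE_EVENTS = r"""
{"host": "ws-01", "image": "C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe", "dest_host": "graph.microsoft.com"}
{"host": "ws-02", "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "dest_host": "graph.microsoft.com"}
{"host": "ws-01", "image": "C:\\Tools\\inventory\\sync.exe", "dest_host": "graph.microsoft.com"}
{"host": "ws-02", "image": "C:\\Tools\\inventory\\sync.exe", "dest_host": "graph.microsoft.com"}
{"host": "ws-03", "image": "C:\\Tools\\inventory\\sync.exe", "dest_host": "GRAPH.MICROSOFT.COM."}
{"host": "ws-07", "image": "C:\\ProgramData\\tp\\tphost.exe", "dest_host": "graph.microsoft.com"}
{"host": "ws-07", "image": "C:\\ProgramData\\tp\\tphost.exe", "dest_host": "graph.microsoft.com"}
{"host": "ws-07", "image": "C:\\Program Files\\Browser\\browser.exe", "dest_host": "example.com"}
"""

def unexpected_graph_clients(lines, expected=EXPECTED_IMAGES, max_hosts=1):
    """Map each non-baseline image that contacts Graph to the hosts it ran on.

    Only images seen on at most max_hosts hosts are returned: a heuristic that
    treats widely deployed unknown clients as likely sanctioned software.
    """
    hosts_by_image = defaultdict(set)
    for line in lines.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        # Normalise case and a trailing dot before matching the hostname.
        if event["dest_host"].lower().rstrip(".") not in GRAPH_HOSTS:
            continue
        image = event["image"].lower()
        if image not in expected:
            hosts_by_image[image].add(event["host"])
    return {img: sorted(h) for img, h in hosts_by_image.items() if len(h) <= max_hosts}

if __name__ == "__main__":
    for image, hosts in unexpected_graph_clients(SAMPLE_EVENTS).items():
        print(f"review: {image} contacted Graph from {hosts}")
```

Hits are leads for review, not verdicts; the baseline and the `max_hosts` threshold need tuning per environment.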
This article is an original article. If it is reproduced, please indicate the source: Microsoft Graph API is abused by hackers to avoid security software monitoring https://dcdv.zol.com.cn/870/8700792.html
Zhongguancun Online