Hackers Abuse Microsoft Graph API to Evade Security Software Detection

Report unveils hackers using Microsoft Graph API within trojans to stealthily download malware from OneDrive, evading security software.

On May 7, 2024, the Symantec Threat Hunter team reported that several threat actors are abusing the Microsoft Graph API by building calls to it into their trojans. Once a trojan is running, it uses the API to fetch malicious scripts that the attackers had stored in advance on cloud services such as Microsoft OneDrive and drops them onto the targeted devices.

Security researchers have observed multiple hacker groups using this API to speed up their intrusions since January 2022. In a recent case, a trojan with the Graph API built in was disguised as a notebook touchpad driver component (vxdiff.dll) to launch attacks.

Microsoft Graph API abused by hackers

The main reason attackers use the Graph API is the cover it provides: the compromised device appears to be communicating only with legitimate Microsoft servers. Because that traffic blends in with normal activity, security software that trusts connections to Microsoft infrastructure treats the intrusion as benign and raises no alert.

Security researchers also note that services such as Microsoft OneDrive give attackers cost-effective, trusted cloud hosting space for their payloads, essentially free of charge.
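Because the destination alone (graph.microsoft.com) looks legitimate, a defender cannot rely on a host allowlist; the useful signal is which process on the endpoint is making the Graph connection and where it runs from. The following is an added example written for this page, not code from Symantec or from the reported trojan. It runs a simple detection rule over constructed EDR-style network-connection events: the sample events, the allowlist of expected Graph clients and their install paths, and the idea that vxdiff.dll is loaded through rundll32.exe are all assumptions made for the illustration.

```python
import json
import ntpath
from typing import Optional

GRAPH_HOST = "graph.microsoft.com"

# Processes expected to talk to Microsoft Graph on a typical workstation, keyed by
# lowercase image name, with the directory they are expected to run from. This
# allowlist is an assumption for the example; tune it to your own estate.
EXPECTED_GRAPH_CLIENTS = {
    "outlook.exe": r"c:\program files\microsoft office\root\office16",
    "ms-teams.exe": r"c:\program files\windowsapps",
    "onedrive.exe": r"c:\program files\microsoft onedrive",
    "msedge.exe": r"c:\program files (x86)\microsoft\edge\application",
}

# Constructed endpoint network-connection events (JSON lines). These are hypothetical
# EDR records invented for the example, not data from the Symantec report.
SAMPLE_EVENTS = r"""
{"ts": "2024-05-07T10:01:12Z", "host": "ws-17", "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "cmdline": "OUTLOOK.EXE", "dest": "graph.microsoft.com", "port": 443}
{"ts": "2024-05-07T10:02:40Z", "host": "ws-17", "image": "C:\\Windows\\System32\\rundll32.exe", "cmdline": "rundll32.exe C:\\Users\\alice\\AppData\\Local\\Temp\\vxdiff.dll,Start", "dest": "graph.microsoft.com", "port": 443}
{"ts": "2024-05-07T10:03:05Z", "host": "ws-17", "image": "C:\\Windows\\System32\\svchost.exe", "cmdline": "svchost.exe -k netsvcs", "dest": "update.microsoft.com", "port": 443}
{"ts": "2024-05-07T10:04:51Z", "host": "ws-22", "image": "C:\\Users\\bob\\Downloads\\OUTLOOK.EXE", "cmdline": "OUTLOOK.EXE", "dest": "graph.microsoft.com", "port": 443}
{"ts": "2024-05-07T10:05:10Z", "host": "ws-22", "image": "C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe", "cmdline": "OneDrive.exe /background", "dest": "graph.microsoft.com", "port": 443}
{"ts": "2024-05-07T10:06:00Z", "host": "ws-22", "image": "C:\\Users\\bob\\AppData\\Roaming\\tool.exe", "cmdline": "tool.exe", "dest": "graph.microsoft.com.attacker.example", "port": 443}
"""


def is_graph_host(host: str) -> bool:
    """True only for graph.microsoft.com and its subdomains. No substring matching,
    so a look-alike such as graph.microsoft.com.attacker.example does not match."""
    host = host.lower().rstrip(".")
    return host == GRAPH_HOST or host.endswith("." + GRAPH_HOST)


def classify_event(event: dict) -> Optional[str]:
    """Return an alert reason for a Graph connection, or None if it looks expected."""
    if not is_graph_host(event.get("dest", "")):
        return None  # not a Graph connection; other rules would cover it
    image = event.get("image", "")
    name = ntpath.basename(image).lower()
    expected_dir = EXPECTED_GRAPH_CLIENTS.get(name)
    if expected_dir is None:
        return f"unexpected process {name} connecting to Graph"
    # Name alone is weak evidence (anything can be called OUTLOOK.EXE), so also
    # require the image to live under the expected install directory.
    normalized = ntpath.normpath(image).lower()
    if not normalized.startswith(expected_dir.rstrip("\\") + "\\"):
        return f"{name} running from unexpected path {image}"
    return None


def detect_graph_anomalies(jsonl: str) -> list:
    """Parse JSON-lines events and return alerts for suspicious Graph API clients."""
    alerts = []
    for line in jsonl.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        reason = classify_event(event)
        if reason:
            alerts.append({
                "ts": event["ts"],
                "host": event["host"],
                "image": event["image"],
                "cmdline": event.get("cmdline", ""),
                "reason": reason,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_graph_anomalies(SAMPLE_EVENTS):
        print(f"[{alert['ts']}] {alert['host']}: {alert['reason']}  cmd={alert['cmdline']}")
```

Run against the sample, the rule flags two events: rundll32.exe loading a DLL from a user's Temp directory and then reaching Graph, and an OUTLOOK.EXE copy running from a Downloads folder. The genuine Outlook and OneDrive connections pass, and the look-alike hostname is correctly not treated as Graph traffic. In production the same correlation is done in the EDR or SIEM query language, with the allowlist derived from signed-binary inventory rather than hard-coded paths.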

A high school student deeply passionate about digital marketing, an adventurous trekker, and a dedicated explorer of specialized internet topics.