Hackers Weaponize Gamma Tool Via Cloudflare Turnstile to Steal Microsoft Credentials

Cybersecurity experts have uncovered a sophisticated multi-stage phishing campaign that exploits Gamma, an AI-powered presentation tool, to deliver credential-harvesting attacks targeting Microsoft account users.
This newly identified attack chain demonstrates how threat actors are increasingly leveraging legitimate platforms to bypass security controls and deceive unsuspecting victims.
The attack begins with a seemingly innocuous email sent from a compromised legitimate account, typically belonging to a trusted individual or organization.
The message contains what appears to be a PDF attachment but is actually a hyperlink.
When clicked, this link redirects victims to a professionally crafted presentation hosted on Gamma’s platform, complete with organizational branding and a prominent call-to-action button labeled as “View PDF” or “Review Secure Documents.”
Upon clicking this button, victims are directed to an intermediary page featuring Microsoft branding and protected by Cloudflare Turnstile, a CAPTCHA-free bot detection mechanism.
This addition serves a dual purpose: preventing automated security tools from analyzing the malicious content while simultaneously increasing the perceived legitimacy of the page.
Abnormal Security researchers identified this campaign as part of a growing trend of “living-off-trusted-sites” (LOTS) attacks, where threat actors exploit legitimate services to host malicious content.
“What makes this campaign particularly dangerous is its use of Gamma, a relatively new platform that employees may not recognize as a potential vector for phishing attacks,” noted the security team.
The infection chain concludes at a convincing replica of a Microsoft SharePoint login portal, where the page design mimics Microsoft’s UI patterns with a modal-style login window overlaid on a blurred background.
Analysis suggests the implementation of an adversary-in-the-middle (AiTM) framework that validates credentials in real time against Microsoft’s servers, as evidenced by accurate error messages for incorrect passwords.
The AiTM technique enables attackers to not only harvest credentials but also capture session cookies, potentially allowing them to bypass multi-factor authentication protections.
This sophisticated approach demonstrates how modern phishing campaigns have evolved beyond simple credential harvesting to implement complex technical mechanisms that can circumvent even robust security measures.
This campaign highlights the growing sophistication of phishing attacks and emphasizes the need for organizations to implement advanced security solutions that can detect context-based threats rather than relying solely on traditional indicators of compromise.
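One context-based check for the lure described above, where the email's "PDF attachment" is really a hyperlink, as an added example (not code from the original article or from Abnormal Security). The `HOSTING_PLATFORMS` set, the function names and the sample email body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Assumption: content platforms whose pages are never file downloads.
# gamma.app is Gamma's public domain; extend the set for your environment.
HOSTING_PLATFORMS = {"gamma.app"}
FILE_LIKE = re.compile(r"\.(pdf|docx?|xlsx?)\b", re.I)

class AnchorCollector(HTMLParser):
    """Collect (href, visible label) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "img" and self._href is not None:
            # An attachment-styled icon may carry the file name only in alt text.
            self._text.append(a.get("alt") or "")
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).strip()))
            self._href = None

def fake_attachment_links(html_body):
    """Return links labelled like a file whose target is not that file."""
    parser = AnchorCollector()
    parser.feed(html_body)
    findings = []
    for href, label in parser.links:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        if FILE_LIKE.search(label) and not FILE_LIKE.search(url.path):
            on_platform = any(host == h or host.endswith("." + h)
                              for h in HOSTING_PLATFORMS)
            findings.append({"href": href, "label": label,
                             "hosting_platform": on_platform})
    return findings

# Constructed sample body (not taken from the campaign).
SAMPLE = """<p>Please review the attached document.</p>
<a href="https://gamma.app/docs/placeholder-deck"><img alt="Invoice_Q1.pdf" src="cid:icon"></a>
<a href="https://files.example.com/reports/summary.pdf">summary.pdf</a>
<a href="https://example.com/help">Help center</a>"""
```

Because the check compares what the link claims to be with where it goes, it still fires when the sender is a compromised legitimate account and the destination is a reputable platform.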
The post Hackers Weaponize Gamma Tool Via Cloudflare Turnstile to Steal Microsoft Credentials appeared first on Cyber Security News.