The ONNX Store, a newly emerged phishing-as-a-service (PhaaS) platform, is actively targeting Microsoft 365 accounts at financial institutions. Disguised as HR communications, the phishing emails include PDF attachments with malicious QR codes. These QR codes bypass phishing protections and direct victims to a fake Microsoft 365 login page, capturing their credentials and two-factor authentication (2FA) tokens in real-time. ONNX, which appears to be a rebranded version of the earlier Caffeine phishing kit, offers a sophisticated interface on Telegram for managing phishing campaigns and includes services like bulletproof hosting to evade detection and takedown efforts.

Relevant URL: https://www.bleepingcomputer.com/news/security/onnx-phishing-service-targets-microsoft-365-accounts-at-financial-firms/