Azure web applications allows users to create a customized subdomain on azurewebsites.net. Attackers abuse this functionality by hosting phishing websites using the azurewebsites.net domain.
Command and Control
Malware such as Almaq have used Azure web applications as their C&C servers.
Attackers can create web applications with upload functionalities hosted on *.azurewebsites.net and exfiltrate data on there.
Attackers can host malicious tools on applications hosted on *.azurewebsites.net and download them when needed.
Last Update: 2021-11-10