FlagThis

A new malware called FinalDraft is using Microsoft Outlook email drafts for command-and-control communication. This method allows for stealthy communication and is being used in attacks against a ministry in South America. The malware blends into typical Microsoft 365 traffic to avoid detection. The technique involves storing commands and responses in draft emails, which are subsequently deleted, making detection and tracing challenging. This illustrates the ongoing adaptation of malware techniques to exploit legitimate software functionalities.