Una backdoor segnalata e collegata a Webworm utilizza Microsoft Graph e OneDrive come canale di comando, evidenziando come il traffico SaaS ordinario possa essere riutilizzato per operazioni segrete.
A malware campaign tied to Webworm shows how a trusted Microsoft cloud service can be repurposed as a low-noise control channel, forcing defenders to watch identity and file activity as closely as network traffic.