[German]Apple users are currently experiencing a problem when trying to access an Outlook mailbox via OWA in Safari. A TokenFactoryIFrame is downloaded every few seconds. I think the problem has only been occurring for a few days. I've seen also users claiming this for Chrome on iPads. It seems, that Microsoft has to fix this issue.
Advertising
John Heinrich just alerted me to this problem on Twitter (thanks for that), which is currently being discussed by users on the Internet on Microsoft Answers, among other places.
On May 2, 2022, a user Afahl writes in the following text in the Microsoft Answers forum that a TokenFactoryIFrame is downloaded every 5-10 seconds:
TokenFactoryIFrame
Hello,
I am using outlook in a Safari browser on my Mac. Whenever I visit outlook "TokenFactoryIFrame" downloads every 5-10 seconds. I have not clicked on any of these as I do not know if it is malware or not.
does anyone know what this is and how I can fix it?
One user states that the error occurs with macOS Monterey 12.3.1 and Safari 15.4. While reviewing the posts, I also noticed one user who also claims the error pattern for the Google Chrome browser on macOS. Another user is claiming the error under Chrome on an iPad. The now locked thread is already 28 pages long, and 2733 users state that they are interested in a solution as well. One user was able to reproduce it and writes (saying that it only occurs on Safari is contradicted by the references to Chrome) :
Advertising
I have recreated the issue several times. It only happens in Safari ADN it only happens with Outlook Web Access. I login to Office 365 and don't have the problem until I go to Outlook. If I go back to Office 365 the problem disappears. I have also tried Word, but it doesn't happen there. If I login directly to Outlook Web Access, it starts right away.
In Safari, in the developers Console, I found several:
failed to load resource: The server responded with a status of 400:
https://webshell.suite.office.com/iframe/TokenFactoryIframe?origin=https%3A%2F%2Foutlook.office365.com&shsid=3b04f390-15af-4d4b-ba92-84376de13ce5&apiver=oneshell&cshver=20220405.3
There are many of the failed to load resource messages, they vary slightly but then repeat. They all point to the same url, which very much looks to be a Microsoft URL. It drops a TokenFactoryIframe (Zero Bytes) into my Downloads folder. There is only 1 file. The repeated action, just overwrites the previous file.
Other threads can be found here auf Microsoft Answers on Microsoft Answers as well as on Techcommunity. I also found this entry on reddit.com. On Apple, there is this forum post, but it refers to Microsoft. It seems to affect all Microsoft 365 users on Apple devices when they try (in Safari) to access their Outlook mailboxes via Outlook Web Access (OWA). Working is no longer possible.
Is it a browser infection?
Addendum and Warning: After the incident described above has became public, many web sites has published articles describing Token Factory Iframe as malicious – a potentially hazardous browser add-on for macOS. It generates obstructive ads and makes unauthorized browser changes. That may not be false, but from what I read from this sites (see the article here for instance), it's an attempt to "sell" a "free" remover tool licence to incautious users. Below is a snippet of the SpyHunter Remover Terms.
Free SpyHunter Remover Details & Terms
SpyHunter's malware scanner is for detection purposes. Upon completion of the scan, you have the choice to subscribe to SpyHunter on a 6-month basis for immediate removal of results found and system guard protection, typically starting at €48 every six months.
To be on the safe side, open your affected browser in macOS, then open the menu and select the menu entry Preferences. Goto Extensions and check, if and entry Token Factory Iframe is located in the extensions list. If you find such an entry, your browser is indeed infected by a browser hijacker. In this case click the Token Factory Iframe entry and remove it from your browser. Repeat this to all extensions you do not know about.
You can also use an antivirus tool like Bitdefender for your Mac to scan the system for malicious software. But in the current case no user has observed annoying ads, banners and pop-ups (as I read till now) – and I haven't seen reports about infections like a browser hijacker discovered by users or antivirus software.
Workarounds until Microsoft fixes
The whole thing is quite mysterious – it seems to download a token factory for an iframe tag – could be a security issue (see my aboive explanation). A user PAtsie1429 writes that he solved the issue for himself with a workaround, by blocking downloads.
Hi, all –
I seem to have eliminated the pop-up on my MacBook by changing the download preferences for Outlook365 in Safari to Deny. After doing so, I notice that when I visit Outlook365, there is a slight movement, as if the download is being attempted, but when I check my download file, Token Factory does not appear.
Not sure it is a fix, but seems better than constant download prompts.
Safari/Preferences/Websites
The workaround tells Safari to stop downloading from Outlook 365 (see also the post from within this thread). However, this means that no more downloads of mail attachments are possible. At Apple, a user writes that he blocked this in the firewall.
In this web post, someone suspects it's related to Apple's Intelligent Tracking Protection (ITP) and that third-party cookies are suddenly being blocked. He also outlines a workaround – and also suggests checking the system for malware. Another user James Davis_70, however, warns users in the Apple forum to make changes to the system.
For Apple users, please don't make any setting changes to your systems, and don't down load this. The issue would be related to a change on Microsoft's side and they have to fix it.
This is impacting all of O365 when accessed using Safari.
For iOS users, try using the Outlook, PowerPoint, and Excel apps as a workaround.
For Mac users, try using the desktop app as a workaround.
It looks like Microsoft will have to get on it and fix the problem. Users with iOS should switch to apps for Outlook, PowerPoint and Excel. MacOS users should also use the desktop apps as a workaround. German administrators told me, they are using Firefox to access OWA as a workaround, untill the glitch is fixed.
Bottom note: I've linked this article within my post in Microsoft Answers forum and asked the forum moderators to forward the issue to the responsible Microsoft product group – that's all I can do.
Addendum: I got a feedback from German readers, that the issues has been fixed by Microsoft. Can somebody confirm that? I can't test it (no Mac, no iPad, no Office 365/MS 365).
Addenum: The German blog reader wrote, that the issue has been fixed in his enterprise environment ((14 Macs). And he forwarded the answer from Microsoft Answers Forum:
Trackback from The Register Outlook bombards Safari users with endless downloads