The attack uses hijacked Egress branding and the legit Powtoon video platform to steal user credentials.