Cybercriminals are actively deploying malicious Microsoft OAuth apps, masquerading as legitimate Adobe and DocuSign applications, to steal Microsoft 365 credentials and deliver malware. OAuth apps let you grant limited access to your online accounts without sharing your password. They use secure tokens, not your login, to let apps access specific data you allow.
Proofpoint researchers have uncovered these “highly targeted” campaigns, highlighting the persistent threat of OAuth app abuse. These deceptive apps request limited permissions to avoid suspicion. Granting these permissions gives hackers access to your:
- profile – Full name, User ID, Profile picture, Username
- email – primary email address (no inbox access)
- openid – allows confirmation of user’s identity and retrieval of Microsoft account details
While seemingly harmless, this information can be used for further targeted attacks and credential theft.
Top 3 Actions to Protect Your Microsoft 365 Credentials from Malicious OAuth Apps:
Be Vigilant About Permissions: Even seemingly minor permissions can be exploited. Educate users to scrutinize all permission requests and implement policies requiring careful review.
Recognize Suspicious Behavior: Malicious apps often use multiple redirects. Train users to spot unusual redirection patterns and avoid clicking links from untrusted sources.
Implement Proactive Security Measures: Account compromise can happen quickly. Enable multi-factor authentication (MFA) and implement real-time monitoring of login activity to mitigate risks.
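One way to put the permission review above into practice is to audit the consent grants already in the tenant. The Python below is an added example, not code from this article or from Proofpoint: it assumes the records were exported from Microsoft Graph (servicePrincipal and oAuth2PermissionGrant objects), and the sample data, IDs and the function name `find_suspicious_grants` are constructed for illustration.

```python
# Brands the article says were impersonated; extend for your own tenant.
IMPERSONATED_BRANDS = ("adobe", "docusign")
# The low-privilege scopes the article lists.
LOW_RISK_SCOPES = {"profile", "email", "openid"}

# Constructed sample records shaped like Microsoft Graph exports (IDs are made up).
SERVICE_PRINCIPALS = [
    {"id": "sp-1", "displayName": "Adobe Document Viewer",
     "verifiedPublisher": {"displayName": None}},
    {"id": "sp-2", "displayName": "DocuSign",
     "verifiedPublisher": {"displayName": "DocuSign Inc."}},
    {"id": "sp-3", "displayName": "Contoso Timesheets",
     "verifiedPublisher": {"displayName": None}},
]
GRANTS = [
    {"clientId": "sp-1", "consentType": "Principal",
     "principalId": "user-17", "scope": "openid profile email"},
    {"clientId": "sp-2", "consentType": "AllPrincipals",
     "principalId": None, "scope": "openid profile User.Read"},
    {"clientId": "sp-3", "consentType": "Principal",
     "principalId": "user-22", "scope": "openid profile email"},
]

def find_suspicious_grants(service_principals, grants):
    """Triage heuristic: brand-named app with no verified publisher.

    A request for only profile/email/openid does not clear an app; it is
    recorded so reviewers can see the low-permission pattern described above.
    """
    sp_by_id = {sp["id"]: sp for sp in service_principals}
    findings = []
    for grant in grants:
        sp = sp_by_id.get(grant["clientId"])
        if sp is None:
            continue
        name = sp.get("displayName", "").lower()
        publisher = (sp.get("verifiedPublisher") or {}).get("displayName")
        if publisher or not any(b in name for b in IMPERSONATED_BRANDS):
            continue
        scopes = set(grant.get("scope", "").split())
        findings.append({
            "app": sp["displayName"],
            # principalId is null when consent covers the whole tenant
            "principal": grant.get("principalId") or "ALL USERS",
            "scopes": sorted(scopes),
            "only_low_risk_scopes": scopes <= LOW_RISK_SCOPES,
        })
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_grants(SERVICE_PRINCIPALS, GRANTS):
        print(finding)
```

A hit is a prompt for manual review of the app and the consenting account, not proof of compromise.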
How LeeShanok’s Cyber Spies Keep You Safe!
Certified spy genius, certified cyber-fighter of hackers. Watch Denis ace his Security+ and then…well, just watch. You won’t believe what happens next!