Microsoft 365 credentials subjected to malicious OAuth app attack

Numerous U.S. and European government, healthcare, retail, and supply chain entities are having their Microsoft 365 credentials targeted for exfiltration in a new ClickFix attack campaign involving fake Microsoft OAuth apps spoofing Adobe Acrobat, Adobe Drive, Adobe Drive X, and DocuSign, according to BleepingComputer.

Intrusions commenced with phishing emails purportedly from charities or smaller organizations, which lured recipients into clicking links and granting permissions to the bogus OAuth apps. Victims were then redirected to several sites before eventual malware deployment, said Proofpoint in a series of posts on X, which noted that the malicious activity was immediately detected by its systems.

Such a development, which comes years after PhishLabs researchers reported that OAuth apps had been leveraged to enable Microsoft 365 account takeovers, should prompt increased caution with OAuth app permission requests. Microsoft 365 admins should also implement additional user restrictions for accessing third-party OAuth app requests.
