Malicious OAuth apps target Microsoft 365 accounts
Cybercriminals are using fake Microsoft OAuth apps that appear to be Adobe and DocuSign to steal Microsoft 365 account credentials. These malicious apps request minimal permissions to avoid detection and are part of targeted phishing campaigns. The attacks involve emails from compromised accounts, often posing as charities or small businesses. They target various industries, including government and healthcare, using tactics like contract lures to trick users into granting access. Once permission is granted, users are redirected to phishing pages or malware downloads. Experts warn users to verify OAuth app requests and check their app permissions regularly to protect their accounts.