These malicious apps are tricking Microsoft, and are now after your PC

Hackers have been spotted abusing the Microsoft Partner Network feature for Azure AD in an attempt to steal corporate emails and other sensitive data.

Microsoft and cybersecurity pros Proofpoint worked together to combat the threats, explaining how they discovered hackers posing as legitimate companies and successfully getting verified in the Microsoft Cloud Partner Program (MCPP). 

Getting verified as a legitimate business allowed the crooks to register verified OAuth apps in Azure AD that were, in reality, malicious and were used to steal people’s emails via phishing. To make matters worse, Proofpoint said the crooks could also have used this access to steal calendar information.

Running BEC attacks

The threat is particularly worrying as this type of information can be used for cyberespionage, business email compromise attacks, or as a stepping stone towards a more serious form of cybercrime.

Proofpoint seems to have been the first to spot the campaign on December 15, with Microsoft moving in later to disable all fraudulent accounts and apps.

"Microsoft has disabled the threat actor-owned applications and accounts to protect customers and have engaged our Digital Crimes Unit to identify further actions that may be taken with this particular threat actor," it said in its announcement.

"We have implemented several additional security measures to improve the MCPP vetting process and decrease the risk of similar fraudulent behavior in the future."

Microsoft also said it reached out to all affected companies and warned them to thoroughly investigate their environments to make sure they’re safe from compromise.

BleepingComputer says malicious actors have been increasingly using OAuth apps to run “consent phishing” attacks and target business Office 365 and Microsoft 365 data, forcing Microsoft into introducing the “verified” status. 

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/cWqyziJ