Subj : Microsoft 365 accounts are under attack from new malware spoofing
To   : All
From : TechnologyDaily
Date : Mon Mar 17 2025 13:45:08

Microsoft 365 accounts are under attack from new malware spoofing popular work apps

Date: Mon, 17 Mar 2025 13:27:00 +0000

Description: Hackers are impersonating Adobe, DocuSign and more to steal login credentials and deploy malware.

FULL STORY
======================================================================

- Criminals are using stolen email addresses to distribute malicious OAuth apps
- These apps steal sensitive data and redirect people to phishing pages
- The pages steal login credentials and deliver malware

Hackers are spoofing popular cloud and productivity apps to steal people's Microsoft 365 login credentials and deliver malware, experts have warned.

Cybersecurity researchers Proofpoint detailed their findings in an X thread, revealing that unidentified cybercriminals used compromised Office 365 accounts and email addresses belonging to charity organizations or small businesses to launch the attacks.

It is unclear what the contents of the emails are, but apparently, the goal is to get victims to install malicious Microsoft OAuth apps pretending to be Adobe Drive, Adobe Drive X, Adobe Acrobat, and DocuSign.

"Highly targeted" attacks

Those who install these apps are asked to grant specific permissions: profile, email, and openid. Alone, these aren't that destructive, since they only grant access to the user's name, user ID, profile picture, username, and the primary email address (no access, just information about the account). The openid permission also allows the attackers to confirm the victim's identity and retrieve their Microsoft account details. While these aren't enough to steal data or install malware, they can be used in more personalized phishing attacks, the researchers said.
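
Added example, not part of the original article or Proofpoint's thread: a defender-side check that scans an export of app consent grants for the pattern described above, an app carrying one of the four spoofed names and holding only the profile, email and openid scopes. The record fields follow the Microsoft Graph servicePrincipal and oauth2PermissionGrant resources; treating a missing verified publisher as the deciding signal is an assumption, and the sample records are constructed.

```python
import unicodedata

# Names and scopes as reported in the article.
SPOOFED_NAMES = {"adobe drive", "adobe drive x", "adobe acrobat", "docusign"}
IDENTITY_SCOPES = {"profile", "email", "openid"}

def normalize(name):
    """Fold case, Unicode compatibility forms and repeated whitespace."""
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())

def flag_grants(service_principals, grants):
    """Return one finding per grant held by an unverified app with a spoofed name."""
    by_id = {sp["id"]: sp for sp in service_principals}
    findings = []
    for g in grants:
        sp = by_id.get(g["clientId"])
        if sp is None:
            continue  # grant points at an app missing from the export
        publisher = (sp.get("verifiedPublisher") or {}).get("displayName")
        if normalize(sp["displayName"]) not in SPOOFED_NAMES or publisher:
            continue  # name is not on the list, or the publisher is verified
        scopes = set((g.get("scope") or "").split())
        findings.append({
            "app": sp["displayName"],
            "appId": sp["appId"],
            "principalId": g.get("principalId"),
            "identity_only": bool(scopes) and scopes <= IDENTITY_SCOPES,
        })
    return findings

# Constructed sample export; every id is a placeholder, not a real app.
SAMPLE_SPS = [
    {"id": "sp-1", "appId": "placeholder-app-1", "displayName": "Adobe  Drive X",
     "verifiedPublisher": {"displayName": None}},
    {"id": "sp-2", "appId": "placeholder-app-2", "displayName": "DocuSign",
     "verifiedPublisher": {"displayName": "Constructed Verified Publisher"}},
    {"id": "sp-3", "appId": "placeholder-app-3", "displayName": "adobe acrobat"},
    {"id": "sp-4", "appId": "placeholder-app-4", "displayName": "Contoso Timesheets"},
]
SAMPLE_GRANTS = [
    {"clientId": "sp-1", "principalId": "user-a", "scope": "openid profile email"},
    {"clientId": "sp-2", "principalId": "user-b", "scope": "openid profile email"},
    {"clientId": "sp-3", "principalId": "user-c", "scope": "openid email offline_access"},
    {"clientId": "sp-4", "principalId": "user-d", "scope": "Mail.Read"},
]

if __name__ == "__main__":
    for finding in flag_grants(SAMPLE_SPS, SAMPLE_GRANTS):
        print(finding)
```

A finding with identity_only set to True matches the low-privilege consent the article describes; a spoofed-name app holding further scopes is still reported, with the flag set to False.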

The campaign itself was highly targeted, Proofpoint said, going after organizations in different industries across the US and Europe, including government, healthcare, supply chain, and retail. After the victims grant these permissions, the apps redirect them to phishing landing pages that collect login credentials and distribute malware.

Proofpoint could not confirm the strain of the malware being distributed this way, but stressed that the attackers used the ClickFix social engineering attack.

Nowadays, ClickFix has grown quite popular. It starts with a browser popup informing the victim that they cannot view the contents of the web page unless they update their browser (or something similar). The popup shares steps on how to fix the issue, tricking the victim into downloading malware instead.

Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/microsoft-365-accounts-are-under-attack-from-new-malware-spoofing-popular-work-apps

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)