• These malicious apps are tricking Microsoft, and are now after yo

    From TechnologyDaily@1337:1/100 to All on Wed Feb 1 10:30:03 2023
    These malicious apps are tricking Microsoft, and are now after your PC

    Date:
    Wed, 01 Feb 2023 10:17:13 +0000

    Description:
    Hackers are abusing the verified status in MCPP, tricking people into giving away sensitive intel.

    FULL STORY ======================================================================

    Hackers have been spotted abusing the Microsoft Partner Network feature for Azure AD in an attempt to steal corporate emails and other sensitive data.

    Microsoft and cybersecurity pros Proofpoint worked together to combat the threats, explaining how they discovered hackers posing as legitimate
    companies and successfully getting verified in the Microsoft Cloud Partner Program (MCPP).

    Getting verified as a legitimate business allowed the crooks to register verified OAuth apps in Azure AD which were, in reality, malicious and used to steal people's emails via phishing. To make matters worse, Proofpoint said crooks could have also used this access to steal calendar information.

    Running BEC attacks

    The threat is particularly worrying as this type of information can be used
    for cyberespionage, business email compromise attacks, or as a stepping stone towards a more serious form of cybercrime.

    Proofpoint seems to have been the first to spot the campaign on December 15, with Microsoft moving in later to disable all fraudulent accounts and apps.

    "Microsoft has disabled the threat actor-owned applications and accounts to protect customers and have engaged our Digital Crimes Unit to identify
    further actions that may be taken with this particular threat actor," it said in its announcement.

    "We have implemented several additional security measures to improve the MCPP vetting process and decrease the risk of similar fraudulent behavior in the future."

    Microsoft also said it reached out to all affected companies and warned them to thoroughly investigate their environments to make sure they're safe from compromise.

    BleepingComputer says malicious actors have been increasingly using OAuth apps to run consent phishing attacks and target business Office 365 and Microsoft 365 data, forcing Microsoft into introducing the verified status.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/these-malicious-apps-are-tricking-microsoft-and-are-now-after-your-pc


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)