Microsoft 365 accounts are under attack from new malware spoofing popular work apps

  • Criminals are using stolen email addresses to distribute malicious OAuth Apps
  • These apps steal sensitive data and redirect people to phishing pages
  • The pages steal login credentials and deliver malware

Hackers are spoofing popular cloud and productivity apps to steal people’s Microsoft 365 login credentials and deliver malware, experts have warned.

Cybersecurity researchers at Proofpoint detailed their findings in an X thread, revealing that unidentified cybercriminals used compromised Office 365 accounts and email addresses belonging to charity organizations or small businesses to launch the attacks.

It is unclear what the emails contain, but the apparent goal is to get victims to install malicious Microsoft OAuth apps pretending to be Adobe Drive, Adobe Drive X, Adobe Acrobat, and DocuSign.

"Highly targeted" attacks

Those who install these apps are asked to grant specific permissions: ‘profile’, ‘email’, and ‘openid’. Alone, these aren’t that destructive, since they only grant access to the user’s name, user ID, profile picture, username, and primary email address (no access, just information about the account). The ‘openid’ permission also allows the attackers to confirm the victim’s identity and retrieve their Microsoft account details.

While these aren’t enough to steal data or install malware, they can be used in more personalized phishing attacks, the researchers said. The campaign itself was “highly targeted”, Proofpoint said, going after organizations in different industries across the US and Europe, including government, healthcare, supply chain, and retail.
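A defender-side check for the consent pattern described above, as an added example that is not from Proofpoint or the original article: it joins records shaped like Microsoft Graph `servicePrincipal` and `oauth2PermissionGrant` objects and lists user consents to unverified apps that use one of the four lure names. The sample records, their ids, and the use of a missing `verifiedPublisherId` as the distinguishing signal are assumptions of this example.

```python
# Names the article says the malicious apps imitate, and the scopes they request.
LURE_NAMES = {"adobe drive", "adobe drive x", "adobe acrobat", "docusign"}
IDENTITY_SCOPES = {"openid", "profile", "email"}

# Constructed sample records (made-up ids), using Graph property names.
SERVICE_PRINCIPALS = [
    {"id": "sp-1", "displayName": "Adobe Drive X", "verifiedPublisher": {"verifiedPublisherId": None}},
    {"id": "sp-2", "displayName": "DocuSign", "verifiedPublisher": {"verifiedPublisherId": "constructed-id"}},
    {"id": "sp-3", "displayName": "Contoso Timesheets", "verifiedPublisher": {"verifiedPublisherId": None}},
    {"id": "sp-4", "displayName": "Adobe  Acrobat ", "verifiedPublisher": None},
]
GRANTS = [
    {"clientId": "sp-1", "principalId": "user-a", "scope": "openid profile email"},
    {"clientId": "sp-2", "principalId": "user-a", "scope": "openid profile email"},
    {"clientId": "sp-3", "principalId": "user-b", "scope": "openid profile"},
    {"clientId": "sp-4", "principalId": "user-b", "scope": " email openid"},
    {"clientId": "sp-4", "principalId": "user-c", "scope": "openid Mail.Read"},
]

def clean(name):
    """Collapse whitespace so padded display names still match."""
    return " ".join((name or "").split())

def is_verified(sp):
    # Unverified apps carry an empty or null verifiedPublisher object.
    return bool((sp.get("verifiedPublisher") or {}).get("verifiedPublisherId"))

def find_suspicious_grants(service_principals, grants):
    """Return user consents to unverified apps that use a lure name."""
    by_id = {sp["id"]: sp for sp in service_principals}
    findings = []
    for g in grants:
        sp = by_id.get(g["clientId"])
        if sp is None or is_verified(sp):
            continue
        if clean(sp.get("displayName")).casefold() not in LURE_NAMES:
            continue
        scopes = set((g.get("scope") or "").split())
        findings.append({
            "app": clean(sp["displayName"]),
            "user": g.get("principalId"),
            "scopes": sorted(scopes),
            # True when the grant matches the identity-only pattern in the article.
            "identity_only": scopes <= IDENTITY_SCOPES,
        })
    return findings

if __name__ == "__main__":
    for f in find_suspicious_grants(SERVICE_PRINCIPALS, GRANTS):
        print(f)
```

A finding with `identity_only` set to false means the same lure-named app holds scopes beyond the three the article lists, which warrants review first.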

Once victims grant these permissions, the apps redirect them to phishing landing pages that collect login credentials and distribute malware. Proofpoint could not confirm the strain of malware being distributed this way, but stressed that the attackers used the ClickFix social engineering attack.

Nowadays, ClickFix has grown quite popular. It starts with a browser popup, informing the victim that they cannot view the contents of the web page unless they update their browser (or something similar). The popup shares steps on how to “fix” the issue, tricking the victims into downloading malware instead.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
