These malicious apps are tricking Microsoft, and are now after your PC
Hackers are abusing the verified status in MCPP
Hackers have been spotted abusing the Microsoft Partner Network feature for Azure AD in an attempt to steal corporate emails and other sensitive data.
Microsoft and cybersecurity pros Proofpoint worked together to combat the threats, explaining how they discovered hackers posing as legitimate companies and successfully getting verified in the Microsoft Cloud Partner Program (MCPP).
Getting verified as a legitimate business allowed the crooks to register verified OAuth apps in Azure AD which were, in reality, malicious and used to steal people’s emails via phishing. To make matters worse, Proofpoint said crooks could have also used this access to steal calendar information, as well.
Running BEC attacks
The threat is particularly worrying as this type of information can be used for cyberespionage, business email compromise attacks, or as a stepping stone towards a more serious form of cybercrime.
Proofpoint seems to have been the first to spot the campaign on December 15, with Microsoft moving in later to disable all fraudulent accounts and apps.
“Microsoft has disabled the threat actor-owned applications and accounts to protect customers and have engaged our Digital Crimes Unit to identify further actions that may be taken with this particular threat actor,” it said in its announcement.
“We have implemented several additional security measures to improve the MCPP vetting process and decrease the risk of similar fraudulent behavior in the future.”
Microsoft also said it reached out to all affected companies and warned them to thoroughly investigate their environments to make sure they’re safe from compromise.
BleepingComputer says malicious actors have been increasingly using OAuth apps to run “consent phishing” attacks and target business Office 365 and Microsoft 365 data, forcing Microsoft into introducing the “verified” status.
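The verified-publisher badge was introduced as a gate against consent phishing, and this campaign shows that the badge alone is not a trustworthy signal: the apps that read victims' mail and calendars carried it. The script below is an added example for defenders, not code from the article, Microsoft or Proofpoint. It walks a tenant's OAuth2 consent grants and reports every externally published app that holds a delegated mail or calendar scope, recording whether the publisher is verified but never using that status to suppress a finding. The records are constructed to resemble Microsoft Graph `servicePrincipal` and `oAuth2PermissionGrant` objects; the field names follow the public Graph schema as an assumption, and every value (tenant ids, app names, user ids) is invented for the example.

```python
"""Audit Azure AD OAuth2 consent grants for apps that can read mail or calendars.

Added example, not from the article or from Microsoft/Proofpoint. The records
below are constructed to resemble Microsoft Graph servicePrincipal and
oAuth2PermissionGrant objects (field names are an assumption based on the
public Graph schema; all values are invented).
"""
from typing import Dict, List

HOME_TENANT_ID = "tenant-home"  # constructed id of the tenant being audited

# Delegated Graph scopes that expose mailbox or calendar content.
SENSITIVE_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Calendars.Read", "Calendars.ReadWrite",
}
# offline_access yields a refresh token, so the consent outlives the session.
PERSISTENCE_SCOPE = "offline_access"

SAMPLE_SERVICE_PRINCIPALS: List[Dict] = [  # constructed
    {"id": "sp-1", "displayName": "Payroll Portal",
     "appOwnerOrganizationId": HOME_TENANT_ID,
     "verifiedPublisher": {"displayName": None, "verifiedPublisherId": None}},
    {"id": "sp-2", "displayName": "Single Sign-on",
     "appOwnerOrganizationId": "tenant-external-a",
     "verifiedPublisher": {"displayName": "Example Partner LLC",
                           "verifiedPublisherId": "pub-001"}},
    {"id": "sp-3", "displayName": "Meeting Notes",
     "appOwnerOrganizationId": "tenant-external-b",
     "verifiedPublisher": {"displayName": None, "verifiedPublisherId": None}},
]

SAMPLE_GRANTS: List[Dict] = [  # constructed
    # First-party app with a harmless scope: not reported.
    {"clientId": "sp-1", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read"},
    # Verified external publisher; two users consented to mail/calendar access
    # plus a refresh token.
    {"clientId": "sp-2", "consentType": "Principal", "principalId": "user-7",
     "scope": "openid profile offline_access Mail.Read Calendars.Read"},
    {"clientId": "sp-2", "consentType": "Principal", "principalId": "user-9",
     "scope": "openid offline_access Mail.Read"},
    # Unverified external app with tenant-wide (admin) consent to calendars.
    {"clientId": "sp-3", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read Calendars.Read"},
]


def is_external(sp: Dict, home_tenant_id: str) -> bool:
    """An app owned by another tenant was published outside this organisation."""
    owner = sp.get("appOwnerOrganizationId")
    return owner is not None and owner != home_tenant_id


def audit_grants(service_principals: List[Dict], grants: List[Dict],
                 home_tenant_id: str) -> Dict[str, Dict]:
    """Return one finding per external app that holds a sensitive delegated scope.

    Verified-publisher status is recorded for the analyst but never used to
    drop a finding: the campaign in the article obtained exactly that status.
    """
    by_id = {sp["id"]: sp for sp in service_principals}
    findings: Dict[str, Dict] = {}
    for grant in grants:
        sp = by_id.get(grant["clientId"])
        if sp is None or not is_external(sp, home_tenant_id):
            continue
        scopes = set(grant.get("scope", "").split())
        risky = scopes & SENSITIVE_SCOPES
        if not risky:
            continue
        f = findings.setdefault(sp["id"], {
            "app": sp["displayName"],
            "verified_publisher": sp["verifiedPublisher"]["verifiedPublisherId"] is not None,
            "scopes": set(), "tenant_wide": False, "persistent": False,
            "consenting_users": set(),
        })
        f["scopes"] |= risky
        f["persistent"] = f["persistent"] or PERSISTENCE_SCOPE in scopes
        if grant["consentType"] == "AllPrincipals":
            f["tenant_wide"] = True
        elif grant.get("principalId"):
            f["consenting_users"].add(grant["principalId"])
    # Sort the sets so the report is stable and easy to diff between runs.
    for f in findings.values():
        f["scopes"] = sorted(f["scopes"])
        f["consenting_users"] = sorted(f["consenting_users"])
    return findings


if __name__ == "__main__":
    report = audit_grants(SAMPLE_SERVICE_PRINCIPALS, SAMPLE_GRANTS, HOME_TENANT_ID)
    for sp_id, finding in report.items():
        print(sp_id, finding)
```

On the constructed data the report lists the verified "Single Sign-on" app (mail and calendar scopes, refresh token, two consenting users) alongside the unverified "Meeting Notes" app with tenant-wide calendar consent; the verified one is the more dangerous of the two, which is why the badge is reported but not trusted. To run it against a real tenant, feed the function the objects returned by the Graph `servicePrincipals` and `oauth2PermissionGrants` collections and set the home tenant id to your own.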
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.