Cybersecurity experts have uncovered a new campaign in which threat actors impersonate companies with fake Microsoft OAuth applications to steal credentials and take over accounts. The attacks use sophisticated phishing methods and impersonate well-known organizations, targeting Microsoft 365 users globally.
Key points
- Threat actors are impersonating companies using fake Microsoft OAuth applications for credential harvesting.
- The phishing campaigns leverage multi-factor authentication (MFA) phishing kits like Tycoon and ODx.
- Victims are tricked via emails with URLs leading to fake Microsoft OAuth permission pages.
- The attack involves adversary-in-the-middle (AiTM) techniques to capture credentials and MFA codes.
- Microsoft plans to update security settings by August 2025 to help prevent these OAuth-based attacks.
Read More: https://thehackernews.com/2025/08/attackers-use-fake-oauth-apps-with.html