Summary: Cybercriminals are using fraudulent Microsoft OAuth applications that impersonate Adobe and DocuSign to distribute malware and capture Microsoft 365 credentials. Proofpoint researchers have labeled these attacks as highly targeted and characterized them by deceptive email campaigns aimed at various industries. Users are advised to be vigilant with OAuth app requests and to verify their authenticity before granting permissions.
Affected: Microsoft 365 users and organizations
Keypoints :
- Malicious OAuth apps are posing as legitimate Adobe and DocuSign tools to gain sensitive information.
- The phishing campaigns leverage compromised email accounts, targeting industries such as government and healthcare through deceptive emails.
- Users should regularly review and manage OAuth app permissions to safeguard their accounts.