Two new phishing kits, Jalisco and OmegaLord, are targeting Microsoft 365 accounts with methods designed to bypass multi-factor authentication. Jalisco uses device-code phishing while OmegaLord steals credentials and phone numbers through a fake PDF Reader page to help attackers hijack MFA approvals. #Jalisco #OmegaLord #Microsoft365 #EntraID
Keypoints
- Jalisco uses device-code phishing to abuse Microsoftβs OAuth 2.0 Device Authorization Grant flow.
- OmegaLord impersonates a PDF Reader login page to steal credentials and phone numbers.
- Phone numbers may be used to intercept or hijack MFA requests and codes.
- Jalisco can generate fresh Microsoft OAuth device codes in real time to bypass code validity limits.
- ReliaQuest recommends limiting device registrations and blocking device code authentication.