New phishing kits target Microsoft 365 accounts, evade MFA

New phishing kits target Microsoft 365 accounts, evade MFA
Two new phishing kits, Jalisco and OmegaLord, are targeting Microsoft 365 accounts with methods designed to bypass multi-factor authentication. Jalisco uses device-code phishing while OmegaLord steals credentials and phone numbers through a fake PDF Reader page to help attackers hijack MFA approvals. #Jalisco #OmegaLord #Microsoft365 #EntraID

Keypoints

  • Jalisco uses device-code phishing to abuse Microsoft’s OAuth 2.0 Device Authorization Grant flow.
  • OmegaLord impersonates a PDF Reader login page to steal credentials and phone numbers.
  • Phone numbers may be used to intercept or hijack MFA requests and codes.
  • Jalisco can generate fresh Microsoft OAuth device codes in real time to bypass code validity limits.
  • ReliaQuest recommends limiting device registrations and blocking device code authentication.

Read More: https://www.bleepingcomputer.com/news/security/new-phishing-kits-target-microsoft-365-accounts-evade-mfa/