Microsoft OAuth apps used to automate BEC and cryptomining attacks


Microsoft is warning that financially motivated threat actors are using OAuth apps to push spam, automate BEC and phishing attacks, and launch virtual machines (VMs) for cryptocurrency mining.

Open Authorization, or OAuth for short, is an open standard that uses token-based authentication and authorization in lieu of credentials to give apps secure delegated access to server resources based on user-defined permissions. In recent incidents investigated by Microsoft Threat Intelligence experts, attackers primarily targeted user accounts without strong authentication (such as multi-factor authentication) in phishing or password-spraying attacks, concentrating on accounts with the ability to create or modify OAuth apps.
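A defender can check for the exposure described above by listing accounts that can create or modify OAuth apps and have no MFA registered. The following is an added example, not code from Microsoft or the original article. Assumptions: the `Account` record layout and sample data are constructed, the role names are the Microsoft Entra built-in roles that grant app management, and `users_can_register_apps` stands for the tenant setting that lets ordinary users register applications.

```python
from dataclasses import dataclass, field

# Microsoft Entra built-in roles that can create or modify app registrations
# (assumption: the article itself names no roles).
APP_MANAGEMENT_ROLES = {
    "Global Administrator",
    "Application Administrator",
    "Cloud Application Administrator",
    "Application Developer",
}

@dataclass
class Account:
    upn: str
    mfa_registered: bool
    roles: set = field(default_factory=set)
    owned_apps: int = 0  # app registrations this account owns and can edit

def app_capability(acct, users_can_register_apps):
    """Return every reason this account can create or modify OAuth apps."""
    reasons = sorted(acct.roles & APP_MANAGEMENT_ROLES)
    if acct.owned_apps:
        reasons.append(f"owner of {acct.owned_apps} app(s)")
    if users_can_register_apps:
        reasons.append("tenant allows user app registration")
    return reasons

def exposed_accounts(accounts, users_can_register_apps):
    """Accounts that can manage OAuth apps but lack MFA, riskiest first."""
    findings = []
    for acct in accounts:
        reasons = app_capability(acct, users_can_register_apps)
        if reasons and not acct.mfa_registered:
            findings.append((acct.upn, reasons))
    # More independent paths to app management means higher priority.
    return sorted(findings, key=lambda f: (-len(f[1]), f[0]))

# Constructed sample inventory (not real accounts).
SAMPLE = [
    Account("alice@example.test", True, {"Application Administrator"}),
    Account("bob@example.test", False, {"Cloud Application Administrator"}, 2),
    Account("carol@example.test", False),
    Account("dave@example.test", False, {"Helpdesk Administrator"}, 1),
]

if __name__ == "__main__":
    for upn, reasons in exposed_accounts(SAMPLE, users_can_register_apps=True):
        print(f"{upn}: no MFA; " + "; ".join(reasons))
```

With user app registration disabled at the tenant level, only role holders and app owners remain in scope, which is why the setting is passed in explicitly.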

