Tricky Phish Angles for Persistence, Not Passwords (January 2020)
First, while the most recent versions of this stealthy phish targeted corporate users of Microsoft's Office 365 service, the same approach could be leveraged to ensnare users of many other cloud providers.
In early December, security experts at PhishLabs detailed a sophisticated phishing scheme targeting Office 365 users that used a malicious link which took people who clicked to an official Office 365 login page - login.
What's more, Tyler said the malicious app they tested was not visible as an add-in at the individual user level; only system administrators responsible for managing user accounts could see that the app had been approved.
Once given permission to access the user's email and files, the app will retain that access until one of two things happens: Microsoft discovers and disables the malicious app, or an administrator on the victim user's domain removes the program from the user's account.
PhishLabs' Tyler said he disagrees with Microsoft here, and encourages Office 365 administrators to block users from installing apps altogether - or at the very least restrict them to apps from the official Microsoft store.
News URL
https://krebsonsecurity.com/2020/01/tricky-phish-angles-for-persistence-not-passwords/