Security News > 2021 > December > Microsoft, Google OAuth flaws can be abused in phishing attacks

Microsoft, Google OAuth flaws can be abused in phishing attacks
2021-12-09 16:21

These attacks can lead to the bypassing of phishing detection and email security solutions, and at the same time, gives phishing URLs a false snse of legitimacy to victims.

"The attacks use dozens of distinct Microsoft 365 third-party applications with malicious redirect URLs defined for them," explains Proofpoint's report.

"All the third-party applications were being delivered through a Microsoft URL with a missing response type query parameter, with the intention to redirect unsuspecting users to different phishing URLs.".

"We analyzed Proofpoint data and found large-scale targeted attacks using modi operandi, which we'll discuss in detail later in this blog post. The attacks use dozens of distinct Microsoft 365 third-party applications with malicious redirect URLs defined for them."

GitHub allows anyone to register an OAuth app, including threat actors who create apps whose redirect URLs lead to phishing landing pages.

"By abusing OAuth infrastructure, these attacks deliver malicious emails to their targets undetected. Such attacks on PayPal can lead to theft of financial information such as credit cards. Phishing attacks on Microsoft can lead to fraud, intellectual property theft and more."


News URL

https://www.bleepingcomputer.com/news/security/microsoft-google-oauth-flaws-can-be-abused-in-phishing-attacks/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995
Microsoft 365 50 1369 2820 161 4400