Hackers are taking over CEO accounts with rogue OAuth apps
2022-01-28 14:29

Threat analysts have observed a new campaign named 'OiVaVoii', targeting company executives and general managers with malicious OAuth apps and custom phishing lures sent from hijacked Office 365 accounts.

OAuth is a standard for token-based authentication and authorization, removing the need to enter account passwords.

Three of these apps were created by verified publishers, which indicates that the threat actors compromised the account of a legitimate Office tenant.

The threat actors then used the apps to send out authorization requests to high-ranking executives in the targeted organizations.

Four of the malicious OAuth apps used by the actors in this campaign have been blocked, but new ones are being created and employed in the same way.

Executives who have already been compromised and have granted the apps access to their accounts remain high-risk points for impacted organizations.


News URL

https://www.bleepingcomputer.com/news/security/hackers-are-taking-over-ceo-accounts-with-rogue-oauth-apps/