Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts
Published on: 2025-06-15 00:19:29
Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 account credentials.
The campaigns were discovered by Proofpoint researchers, who characterized them as "highly targeted" in a thread on X.
The malicious OAuth apps in this campaign are impersonating Adobe Drive, Adobe Drive X, Adobe Acrobat, and DocuSign.
[Image: Malicious OAuth apps. Source: Proofpoint]
These apps request less sensitive permissions such as 'profile', 'email', and 'openid' to avoid detection and suspicion.
If those permissions are granted, the attacker is given access to:
profile – Full name, User ID, Profile picture, Username
email – primary email address (no inbox access)
openid – allows confirmation of user's identity and retrieval of Microsoft account details
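A defender can look for the consent pattern described above among a tenant's existing grants. The Python below is an added example, not code from Proofpoint or the article; it assumes grants exported from Microsoft Graph and joined to their service principal, all records are constructed, and the unverified-publisher check is an added heuristic.

```python
# Added example: triage OAuth consent grants for brand-impersonating apps.
# Field names follow Microsoft Graph servicePrincipal / oauth2PermissionGrant;
# the joined record layout and every value below are constructed for illustration.

IMPERSONATED = ("adobe drive", "adobe acrobat", "docusign")  # brands named in the article
LOW_SCOPES = {"profile", "email", "openid"}                  # scopes named in the article

SAMPLE_GRANTS = [  # constructed sample data, not real tenant output
    {"displayName": "Adobe Drive X", "appId": "11111111-1111-1111-1111-111111111111",
     "verifiedPublisher": {"displayName": None, "verifiedPublisherId": None},
     "scope": "openid profile email"},
    {"displayName": "DocuSign", "appId": "22222222-2222-2222-2222-222222222222",
     "verifiedPublisher": {"displayName": "Example Publisher", "verifiedPublisherId": "1234567"},
     "scope": "openid profile User.Read"},
    {"displayName": "Contoso Timesheets", "appId": "33333333-3333-3333-3333-333333333333",
     "verifiedPublisher": None, "scope": "openid"},
    {"displayName": "ADOBE  Acrobat", "appId": "44444444-4444-4444-4444-444444444444",
     "verifiedPublisher": None, "scope": "openid offline_access"},
]

def is_verified(record):
    # Graph returns an object with null fields when the publisher is unverified.
    publisher = record.get("verifiedPublisher") or {}
    return bool(publisher.get("verifiedPublisherId"))

def brand_match(display_name):
    # Normalise case and whitespace before comparing against the brand list.
    name = " ".join(display_name.lower().split())
    return next((b for b in IMPERSONATED if b in name), None)

def triage(grants):
    """Return grants whose app uses an impersonated brand name without a verified publisher."""
    findings = []
    for g in grants:
        brand = brand_match(g.get("displayName") or "")
        if brand is None or is_verified(g):
            continue
        scopes = set((g.get("scope") or "").lower().split())
        findings.append({
            "appId": g.get("appId"),
            "displayName": g.get("displayName"),
            "brand": brand,
            # True when the grant matches the low-privilege pattern from the article.
            "low_scope_only": bool(scopes) and scopes <= LOW_SCOPES,
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_GRANTS):
        print(finding)
```

A finding with low_scope_only set to True matches both traits the article describes, a brand-lookalike name and identity-only scopes, and is the first to review.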
Proofpoint told BleepingComputer that the phishing campaigns w