When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website


One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.

This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • CISA Releases Update to Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

    September 6, 2023

    The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to a previously published Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. The CSA—originally released to warn network defenders of critical infrastructure organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery ...

  • CISA Releases Capacity Enhancement Guide to Strengthen Agency Resilience to DDoS Attack

    September 6, 2023

    CISA has released actionable guidance for Federal Civilian Executive Branch (FCEB) agencies to help them evaluate and mitigate the risk of volumetric distributed denial-of-service (DDoS) attacks against their websites and related web services. The Capacity Enhancement Guide: Volumetric DDoS Against Web Services Technical Guidance: Helps agencies prioritize DDoS mitigations based on mission and reputational impact. Describes DDoS ...

  • Analyzing a Facebook Profile Stealer Written in Node.js

    September 5, 2023

    During previous analysis of a campaign involving a Facebook stealer, Trend Micro researchers discovered another interesting stealer. It was written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a command-and-control (C&C) server, and employed GraphQL as a channel for C&C communication. This blog entry investigates this new stealer ...

  • New Agent Tesla Variant Being Spread by Crafted Excel Document

    September 5, 2023

    FortiGuard Labs captured a phishing campaign that spreads a new Agent Tesla variant. This well-known malware family uses a .Net-based Remote Access Trojan (RAT) and data stealer to gain initial access. It is often used for Malware-as-a-Service (MaaS). FortiGuard Labs researcher Xiaopeng Zhang performed an in-depth analysis of this campaign, from the initial phishing email to ...

  • CISA Releases Two Industrial Control Systems Advisories

    September 5, 2023

    CISA released two Industrial Control Systems (ICS) advisories on September 5, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-248-01 Fujitsu Limited Real-time Video Transmission Gear IP series Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

  • South Africa: Unprecedented cyber attacks target government entities

    September 5, 2023

    The incidence of spyware attacks has shown a significant surge of over 20% within South Africa with regard to 2023. The majority of these reported attacks have been concentrated on governmental websites and systems, thereby potentially engendering substantial instability to the national security framework of South Africa. The foundational principle of national security mandates that a ...