When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website


One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.

This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Clasiopa: New group targets materials research organization in Asia

    February 23, 2023

    A hitherto unknown attack group has been observed targeting a materials research organization in Asia. The group, which Symantec calls Clasiopa, is characterized by a distinct toolset, which includes one piece of custom malware (Backdoor.Atharvan). At present, there is no firm evidence on where Clasiopa is based or whom it acts on behalf. The infection vector ...

  • Cyberattack on food giant Dole, temporarily shuts down North American production

    February 23, 2023

    Produce giant Dole was forced to temporarily shut down its production plants in North America and halt food shipments to grocery stores after being targeted in a cyberattack. The previously unreported hack, which a source familiar with the incident said was ransomware, led some grocery shoppers to complain on Facebook in recent days that store shelves ...

  • Telus investigating sale of alleged code, employee information

    February 23, 2023

    Someone on a criminal forum is selling what they claim is data on all Telus employees, as well as the Canadian telecommunications company’s GitHub software code repositories. In response to an IT World Canada reporter’s query about the posting, Telus director of public affairs Richard Gilhooley said the company is looking into the allegation. Read more… Source: IT ...

  • European Commission bans TikTok from employees’ phones

    February 23, 2023

    The Commission said in a statement that all its employees will have to comply by March 15. This measure aims “to protect the Commission against cybersecurity threats and actions which may be exploited for cyber-attacks against the corporate environment of the Commission,” the statement said. “The security developments of other social media platforms will also be kept ...

  • Datacenters in China, Singapore cracked by crims who then targeted tenants

    February 23, 2023

    Criminals have targeted datacenter operators in Singapore and China, tapping into their CCTV cameras, accessing their tenant lists and then attacking those customers. That’s the scary scenario outlined by infosec vendor Resecurity, which has detailed malicious campaigns said to have started in 2021 but became apparent earlier this month when info dumps were teased on the ...

  • Russian malware dev behind NLBrute hacking tool extradited to US

    February 23, 2023

    A Russian malware developer accused of creating and selling the NLBrute password-cracking tool was extradited to the United States after being arrested in the Republic of Georgia last year on October 4. Also known as dpxaker, Dariy Pankov is now charged with access device fraud and computer fraud and faces a maximum sentence of 47 years ...