When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website


One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.

This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Diebold Nixdorf warns of a new class of ATM ‘black box’ attacks across Europe

    July 16, 2020

    ATM maker Diebold Nixdorf is warning banks of a new type of ATM “black box” attack that was recently spotted used across Europe. ATM “black box” attacks are a type of jackpotting attack — when cybercriminals make an ATM spit out cash. A jackpotting attack can be executed with malware installed on an ATM, or by ...

  • Major US Twitter accounts hacked in Bitcoin scam

    July 16, 2020

    Billionaires Elon Musk, Jeff Bezos and Bill Gates are among many prominent US figures targeted by hackers on Twitter in an apparent Bitcoin scam. The official accounts of Barack Obama, Joe Biden and Kanye West also requested donations in the cryptocurrency. “Everyone is asking me to give back,” a tweet from Mr Gates’ account said. “You send ...

  • Caught in the Crossfire: Defending Devices From Battling Botnets

    July 15, 2020

    Strength in numbers is the main principle behind botnets, networks of devices that have been infected and turned into bots to be used in performing attacks and other malicious activities. With the dawn of the internet of things (IoT), botnet developers have found a new domain to conquer, but there they must compete with one ...

  • The Tetrade: Brazilian banking malware goes global

    July 14, 2020

    Brazil is a well-known country with plenty of banking trojans developed by local crooks. The Brazilian criminal underground is home to some of the world’s busiest and most creative perpetrators of cybercrime. Like their counterparts’ in China and Russia, their cyberattacks have a strong local flavor, and for a long time, they limited their attacks ...

  • Second Catalan politician says phone was targeted by spyware

    July 14, 2020

    A second prominent member of Catalan’s pro-independence movement has revealed he was warned that his mobile phone was targeted using spyware. The development is likely to bolster calls for an investigation into the possible use of hacking technology by Spanish authorities. Ernest Maragall, an MP in the regional parliament and a former member of the European parliament ...

  • RECON bug lets hackers create admin accounts on SAP servers

    July 14, 2020

    Business giant SAP released a patch today for a major vulnerability that impacts the vast majority of its customers. The bug, codenamed RECON, exposes companies to easy hacks, according to cloud security firm Onapsis, who discovered the vulnerability earlier this year, in May, and reported it to SAP to have it patched. Onapsis says RECON allows malicious ...