When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website


One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.

This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Italian company exposed as a front for malware operations

    June 12, 2020

    For the past four years, an Italian company has operated a seemingly legitimate website and business, offering to provide binary protection against reverse engineering for Windows applications, but has secretly advertised and provided its service to malware gangs. The company’s secret business came to light after security researchers from Check Point began looking at GuLoader [1, ...

  • 6 New Vulnerabilities Found on D-Link Home Routers

    June 12, 2020

    On February 28, 2020, Palo Alto Networks’ Unit 42 researchers discovered six new vulnerabilities in D-Link wireless cloud routers running their latest firmware. The vulnerabilities were found in the DIR-865L model of D-Link routers, which is meant for home network use. The current trend towards working from home increases the likelihood of malicious attacks against home ...

  • Android ‘ActionSpy’ Malware Targets Turkic Minority Group

    June 12, 2020

    Researchers have discovered a new Android spyware, dubbed ActionSpy, targeting victims across Tibet, Turkey and Taiwan. The spyware is distributed either via watering-hole websites or fake websites. Researchers believe ActionSpy is being used in ongoing campaigns to target Uyghur victims. The Uyghurs, a Turkic minority ethnic group affiliated with Central and East Asia, have previously been targeted in spyware attacks. Though ...

  • Ransomware: Hackers took just three days to find this fake industrial network and fill it with malware

    June 11, 2020

    Industrial control networks are coming under attack from a range of ransomware attacks, security researchers have warned, after an experiment revealed the speed at which hackers are uncovering vulnerabilities in critical infrastructure. Security company Cybereason built a ‘honeypot’ designed to look like an electricity company with operations across Europe and North America. The network was made to ...

  • Gamaredon hackers use Outlook macros to spread malware to contacts

    June 11, 2020

    New tools attributed to the Russia-linked Gamaredon hacker group include a module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim’s contacts. The threat actor disables protections for running macro scripts in Outlook and to plant the source file for the spearphishing attacks that spread malware to other victims. Gamaredon ...

  • Hackers breached A1 Telekom, Austria’s largest ISP

    June 11, 2020

    A1 Telekom, the largest internet service provider in Austria, has admitted to a security breach this week, following a whistleblower’s exposé. The company admitted to suffering a malware infection in November 2019. A1 said its security team detected the malware a month later, but that removing the infection was more problematic than it initially anticipated. From December ...