"#Proofpoint researchers uncovered on December 6th, 2022, the threat actors employed brand abuse, app #impersonation and other social engineering tactics to lure users into authorizing malicious apps.

...this malicious campaign includes data exfiltration, brand abuse, and delegated permissions over compromised users’ mailboxes, calendars, and meetings.

Users and organizations should not trust #OAuth #apps based on the verified publisher status alone.

Organizations are encouraged to use #cloud #security solutions that can automatically detect and revoke malicious third-party OAuth apps from their environments."

The Dangerous Consequences of #Threat Actors Abusing Microsoft’s “Verified Publisher” Status

https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher

#threatactors #Microsoft #socialengineering #verifiedpublisher #malware