A global phishing campaign has started abusing OAuth consent flows in identity platforms, tricking employees into granting access to malicious applications.
Attack mechanics
Threat actors register fraudulent apps that request OAuth permissions. When a user approves the request, the attackers obtain access tokens for that user's account and gain unauthorized entry.
Business impact
- Compromised identity credentials and sessions
- Unauthorized access to email, cloud storage and internal apps
- Lateral movement across corporate networks
Key mitigations
- Enforce strong MFA on OAuth consent prompts
- Train teams to reject suspicious app authorization requests
- Continuously monitor and revoke anomalous tokens
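
One way to put the monitoring mitigation into practice is to triage consent grants by combining several weak signals. This is an added example, not part of the original brief; the record schema, app IDs, users, scope list and thresholds are constructed assumptions, not any identity platform's actual log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values (hypothetical); tune to your own tenant.
HIGH_RISK_SCOPES = {"mail.read", "mail.send", "files.readwrite.all", "offline_access"}
NEW_APP_WINDOW = timedelta(days=7)   # app registered shortly before consent
BURST_USERS = 3                      # distinct users consenting to one app

def grant(app, user, scopes, verified, registered, granted):
    """Build one record in the hypothetical consent-grant schema."""
    return {"app_id": app, "user": user, "scopes": scopes,
            "publisher_verified": verified,
            "app_registered_at": datetime.fromisoformat(registered),
            "granted_at": datetime.fromisoformat(granted)}

# Constructed sample data, not taken from any real tenant.
GRANTS = [
    grant("app-001", "alice", ["openid", "profile"], True, "2023-01-10", "2024-05-02"),
    grant("app-042", "erin", ["Files.ReadWrite.All"], True, "2022-06-01", "2024-05-03"),
    grant("app-777", "bob", ["Mail.Read", "offline_access"], False, "2024-05-01", "2024-05-03"),
    grant("app-777", "carol", ["Mail.Read", "offline_access"], False, "2024-05-01", "2024-05-03"),
    grant("app-777", "dave", ["Mail.Read", "offline_access"], False, "2024-05-01", "2024-05-04"),
]

def reasons_for(g, users_per_app):
    """Return the list of risk signals that apply to one grant."""
    reasons = []
    risky = HIGH_RISK_SCOPES & {s.lower() for s in g["scopes"]}
    if risky:
        reasons.append("high-risk scopes: " + ", ".join(sorted(risky)))
    if not g["publisher_verified"]:
        reasons.append("unverified publisher")
    if g["granted_at"] - g["app_registered_at"] < NEW_APP_WINDOW:
        reasons.append(f"app registered under {NEW_APP_WINDOW.days} days before consent")
    if len(users_per_app[g["app_id"]]) >= BURST_USERS:
        reasons.append("consent burst across users")
    return reasons

def triage(grants, min_signals=2):
    """Map app_id -> users whose grants should be reviewed for revocation."""
    users_per_app = defaultdict(set)
    for g in grants:
        users_per_app[g["app_id"]].add(g["user"])
    flagged = defaultdict(list)
    for g in grants:
        if len(reasons_for(g, users_per_app)) >= min_signals:
            flagged[g["app_id"]].append(g["user"])
    return {app: sorted(users) for app, users in flagged.items()}
```

Requiring at least two signals keeps a long-established, verified app with one broad scope (`app-042` in the sample) out of the revocation queue while still surfacing the newly registered, unverified app that several users approved.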
This wave reinforces that identity security is a critical defense layer.