Microsoft warns of attack that can spy on emails


Microsoft has warned its users about a wave of attacks focused on reading and stealing information and credentials through emails. The main targets, as is often the case, are corporate users subscribing to the Office 365 suite, with an abuse of the application authorization system serving to grant criminals access to the inbox.

Upon obtaining such authorizations, crooks read emails and calendar entries for credentials, two-step authentication confirmations, and other sensitive information. At the same time, a contact list scan is also performed, with the exploit still allowing for the creation of rules, access to the calendar and even the possibility to write messages on behalf of the victim.

On the other hand, the compromise happens from a malicious application, which can also arrive from fraudulent accounts or through more traditional phishing messages or emails. According to Microsoft, the request is disguised as an update called Upgrade to Office 365 services, with the user having to grant permissions to the fraudulent application, which then has full access if authorized.

Want to stay on top of the best tech news of the day? Access and subscribe to our new youtube channel, Kenyannews News. Every day a summary of the main news from the tech world for you!

According to Microsoft’s alert, the secret of the exploit lies in the misuse of the OAuth protocol, which is used by third-party online services to access data, account information and other metrics necessary for its operation. In this case, the effective access credentials are not shared, but there is still danger, due to the possibility granted of reading messages that can bring such records and many others, equally sensitive.

The main fear is about persistence, as scams of this type ensure that attackers have direct access to systems until they are detected. With this, they can remain vigilant about exchanging sensitive data or prepare for larger attacks from emails, whether it’s hacking into accounts and intercepting confirmation emails or sending fraudulent messages to colleagues, leading to bigger scams.

The company says that hundreds of attacks against Office 365 subscribers have already been detected, in a campaign that remains ongoing. To combat the problem, the signatures of the malicious application have already been included in Microsoft Defender, which will indicate to users about the malicious character of the application at the time of the access request.

For those already affected, the recommendation is to perform a scan of the apps authorized to read the emails, deactivating the so-called Upgrade and others that they do not recognize. Once this is done, access is restricted, so it’s just a matter of assessing the damage and alerting you to the possibility of further scams involving possible compromised information.

Share post:


More like this

The enigmatic post of Karim Benzema on Kylian Mbappé

After the announcement of Kylian Mbappé's extension to...

Speaker Muturi coalition deal with Ruto’s Kenya Kwanza declared null and void

The Speaker of the National Assembly Justin Muturi's...

PSG: Leonardo removed from office

An evening like no other. In addition to...

The dream evening of Kylian Mbappé and PSG

After the announcement to the public of his extension,...