OAuth Redirect Attacks Deliver Malware and Bypass MFA

Microsoft Defender researchers warn that attackers are abusing OAuth 2.0 redirect flows to slip past phishing protections: they register malicious OAuth apps and send users links (sometimes embedded in PDFs) whose redirect URIs point to attacker-controlled sites. Victims land on phishing pages or on intermediary proxies such as EvilProxy, which can capture session cookies and so bypass MFA. Other campaigns deliver ZIP archives containing LNK files that launch PowerShell and use DLL side-loading to drop payloads. These are identity-based threats that exploit standard OAuth error handling; Microsoft advises tighter OAuth app permissions, stronger identity protections, Conditional Access, and cross-domain detection spanning email, identity, and endpoints.
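The reason "check where the link points" fails here is that the link really does point at the identity provider; the destination that matters is the `redirect_uri` parameter, which the provider sends the browser to after consent or after an error. The following is an added example (not code from Microsoft or from any of the cited articles) of a defender-side triage step that surfaces that effective destination from links found in mail. The allowlist hosts, the `corp.example` and `attacker.example` domains and the zeroed `client_id` are constructed placeholders.

```python
"""Surface the real destination of an OAuth authorize link.

Added example (not from the Microsoft report or any of the cited articles).
The hostnames in TRUSTED_REDIRECT_HOSTS, the corp.example / attacker.example
domains and the zeroed client_id are constructed placeholders.
"""
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Authorization endpoints of the Microsoft identity platform; a link to one of
# these passes a naive "does the link point at Microsoft?" check.
AUTHORIZE_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.live.com"}

# Redirect hosts the organisation's own registered apps are expected to use
# (constructed allowlist for this example).
TRUSTED_REDIRECT_HOSTS = {"login.microsoftonline.com", "myapps.microsoft.com", "app.corp.example"}


def analyze_oauth_link(url: str) -> Optional[dict]:
    """Return a finding for an authorize URL, or None if the link is not one.

    Both a completed consent and an error response (user cancels, app is
    misconfigured) send the browser to redirect_uri, so that parameter, not
    the link's own host, is where the user actually lands.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host not in AUTHORIZE_HOSTS:
        return None
    if "/oauth2/" not in parsed.path or not parsed.path.rstrip("/").endswith("/authorize"):
        return None

    params = parse_qs(parsed.query)  # decodes the percent-encoded redirect_uri
    redirect_uri = params.get("redirect_uri", [None])[0]
    finding = {
        "link_host": host,
        "client_id": params.get("client_id", [None])[0],
        "redirect_uri": redirect_uri,
        "effective_host": None,
        "verdict": "no-redirect-uri",  # provider falls back to the app's registered URI
    }
    if redirect_uri is None:
        return finding

    target = urlparse(redirect_uri)
    finding["effective_host"] = (target.hostname or "").lower()
    if target.scheme not in ("https", "http") or not finding["effective_host"]:
        finding["verdict"] = "malformed-redirect"
    elif finding["effective_host"] in TRUSTED_REDIRECT_HOSTS:
        finding["verdict"] = "trusted"
    else:
        finding["verdict"] = "suspicious"
    return finding


def triage_links(links):
    """Run analyze_oauth_link over a batch of URLs; keep only the ones to review."""
    hits = []
    for link in links:
        finding = analyze_oauth_link(link)
        if finding and finding["verdict"] in ("suspicious", "malformed-redirect"):
            hits.append((link, finding))
    return hits


# Constructed sample links in the shape the campaign is described as using:
# the link itself points at Microsoft, the redirect_uri does not.
SAMPLE_LINKS = [
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&response_type=code"
    "&redirect_uri=https%3A%2F%2Fattacker.example%2Fcb&scope=openid&state=xyz",
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&response_type=code"
    "&redirect_uri=https%3A%2F%2Fapp.corp.example%2Fcallback&scope=openid",
    "https://www.microsoft.com/en-us/security",
]

if __name__ == "__main__":
    for link, finding in triage_links(SAMPLE_LINKS):
        print(finding["verdict"], "| link host:", finding["link_host"],
              "| lands on:", finding["effective_host"])
```

Treat `malformed-redirect` as "review" rather than "block" in practice: native and mobile apps legitimately register custom-scheme redirect URIs, so an allowlist of schemes per app is the better long-term control. The `client_id` in each finding is worth keeping, since it identifies the OAuth app registration that tenant admins can restrict or block.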
- Microsoft: Hackers abuse OAuth error flows to spread malware (BleepingComputer)
- OAuth redirection abuse enables phishing and malware delivery (Microsoft)
- Phish of the day: Microsoft OAuth scams abuse redirects for malware delivery (theregister.com)
- Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets (The Hacker News)
- OAuth phishers make ‘check where the link points’ advice ineffective (csoonline.com)