Microsoft researchers: OAuth app used to automate phishing attacks and mine cryptocurrency

Microsoft researchers have discovered a series of cyber attacks where OAuth applications are used to automatically conduct phishing attacks, disrupt company emails, and secretly mine cryptocurrency. The hackers' targets are accounts that lack strong authentication mechanisms. They create new OAuth applications with high permissions through hijacked accounts, allowing malware to access systems without the user's knowledge.

In one case, an attacker with the username Storm-1283 used OAuth to deploy virtual machines for cryptocurrency mining. Depending on the duration of the attack, losses ranged from $10,000 to $1.5 million.

Microsoft

Comments

All Comments

Recommended for you

cointelegraph ·

Sub-Saharan Africa third-fastest growing region for crypto adoption: Report

The region has growing institutional momentum and retail adoption, as the countries face economic challenges that could provide fertile ground for Web3.
cointelegraph ·

Ethena exits Hyperliquid USDH race, clearing path for Native Markets

Prediction markets now overwhelmingly favor Native Markets, but questions about credibility linger as the vote approaches.
Stephen Katte ·

Russia could consider crypto bank to combat fraud, help miners

Evgeny Masharov, a member of the Russian Civic Chamber, says Russia should start a crypto exchange through a major financial institution.
BRAYDEN LINDREA ·

Sending Bitcoin to Mars is now theoretically possible: Researchers

Bitcoin could be sent to and from Mars within three minutes by leveraging an optical link from NASA or Starlink and a new interplanetary timestamping system.
Callum Reid ·

How to use Grok for real-time crypto trading signals

Grok scans posts and sentiment shifts on X to help crypto traders identify early signals, memes and macro-driven momentum plays.
cointelegraph ·

Ripple’s SEC battle is over: Time to challenge SWIFT?

Ripple is done fighting the SEC, meaning it can focus on its original goal: challenging SWIFT, the world’s money transfer system.
Japan and the United States launched the seventh round of ministerial tariff negotiations, Akazawa and Lutnik held talks

June 28th, according to Jinshi data and the report from Kyodo News, Japanese Minister of Economic Revitalization Akazawa Ryo is meeting with US Commerce Secretary Lutnick in Washington on the 27th local time. The seventh round of ministerial-level negotiations between Japan and the United States has begun around the high tariff policy of the Trump administration. The Japanese government stated: "There have been fruitful discussions. We will continue to coordinate fully between Japan and the United States to reach an agreement that is beneficial to both sides." Akazawa Ryo did not immediately accept media interviews after the negotiations. The meeting between the two lasted about 1 hour. Considering that the deadline for the suspension of the additional tariffs is until July 9th, and Japan will hold the House of Councillors election on the 20th, Akazawa Ryo requested a significant reduction in the tariff rate for automobiles, which the Japanese government considers as "national interest."
Coinbase German executives use high-end services to attract conservative investors to the crypto market

according to DL News, Coinbase's Germany area manager Denny Morawiak is using a "white glove" service strategy to attract high-net-worth individuals in Germany to invest in cryptocurrencies.As the largest economy in Europe, German investors are known for risk aversion, with only 8% of the population holding crypto assets, far lower than the 25% in the UK. Morawiak aims to change the traditional investment habits of Germans, who rely on savings and pensions, by targeting wealthy entrepreneurs through sponsorships of Borussia Dortmund football club, organizing elite events, and more.He stated: "We are a wealthy country, but relatively speaking, the people are not wealthy, which is a shame."
Binance: Users holding at least 248 Alpha Points can claim the first phase of DMC token airdrops

according to official sources, Binance will list DeLorean (DMC), with Alpha trading opening on June 24, 2025 at 19:00, and contract trading opening on June 24, 2025 at 21:00. Eligible Binance users can use Binance Alpha points to claim 4800 DMC tokens within 24 hours after trading begins on the Alpha activity page.Binance Alpha airdrop will be distributed in two phases: Phase one (first 18 hours): Users holding at least 248 Alpha points can claim. Phase two (last 6 hours): Users holding at least 210 Alpha points can participate in the second phase of the airdrop, first come first served, until the airdrop pool is exhausted or the activity ends.
Negentropy Capital announces dissolution, remaining funds and project quotas to be liquidated

Negentropy Capital founder Billywen.sol announced on social media platform, "After thinking about it, I have decided to dissolve the negentropy capital that I and two other partners have created, liquidate the remaining funds and investment project quotas of the negentropy fund, partners take what they should, and I will start over as a solo VC independent investor like Ma Gang."Recently, there has been a liquidity crisis in the currency circle, and at a time when there seems to be no hope, I feel a force that compels me to do something. It is not just about making money, but a sense of mission. It is time for the currency circle to change, to truly change traditional banks, payments, stocks and securities, and even legal tender!"