Abuse of OAuth has been going on for some time now. Microsoft has tried its best to stop that. It recently explained some of the measures it’s taken to try to prevent this type of malicious behavior.
Microsoft warns organizations of consent phishing attacks – TechRepublic
In this type of phishing campaign, attackers trick people into giving a malicious app consent to access sensitive data, says Microsoft. Phishing campaigns are a common tactic in which cybercriminals impersonate a well-known company, product, or brand to steal account credentials, financial information, or other data from unsuspecting victims.
Link: Microsoft warns organizations of consent phishing attacks
via www.techrepublic.com
