Malicious OAuth Apps in Microsoft 365 Environments
Summary
Security researchers have identified a significant number of malicious OAuth applications in Microsoft 365 environments. These apps, often hidden within legitimate enterprise applications or application registrations, can be used by threat actors to gain unauthorized access to sensitive data. The issue is widespread, with approximately 10% of surveyed tenants containing at least one of these malicious apps. Researchers have developed tools and methodologies to detect and mitigate these threats, emphasizing the need for regular audits of OAuth applications. The discovery highlights the importance of vigilant monitoring and the use of specialized tools to identify and remove these hidden threats.
Timeline
- 20.10.2025 17:00
Discovery of Malicious OAuth Apps in Microsoft 365 Environments
Researchers have identified a significant number of malicious OAuth applications in Microsoft 365 environments. These apps, often hidden within legitimate enterprise applications or application registrations, can be used by threat actors to gain unauthorized access to sensitive data. Approximately 10% of surveyed tenants contain at least one of these malicious apps. The discovery emphasizes the need for regular audits and the use of specialized tools to detect and mitigate these threats.
Sources:
- Find hidden malicious OAuth apps in Microsoft 365 using Cazadora — www.bleepingcomputer.com — 20.10.2025 17:00
Information Snippets
- OAuth applications in Microsoft 365 can be exploited by threat actors to gain unauthorized access.
  First reported: 20.10.2025 17:00 (1 source, 1 article)
- Approximately 10% of surveyed Microsoft 365 tenants have at least one malicious OAuth app.
  First reported: 20.10.2025 17:00 (1 source, 1 article)
- Malicious OAuth apps can be categorized into Traitorware (legitimate apps used maliciously) and Stealthware (custom-built malicious apps).
  First reported: 20.10.2025 17:00 (1 source, 1 article)
- Researchers have developed an open-source tool called Cazadora to help administrators audit and identify malicious OAuth apps.
  First reported: 20.10.2025 17:00 (1 source, 1 article)
- The Huntress SOC has identified over 500 instances of Stealthware applications across partner tenants.
  First reported: 20.10.2025 17:00 (1 source, 1 article)