Device Code Phishing Attack Targets Microsoft OAuth Users

Device Code Phishing Attack Targets Microsoft OAuth Users

First seen 6 Jul 2026, 09:41 UTC www.huntress.comSecurelistwww.kaspersky.com 85% similarity 51.9

Article Content

Browse articles
ThreatCluster

A recent phishing campaign exploits the Device Authorization Grant in Microsoft's OAuth 2.0 implementation. Attackers direct victims to input credentials on a legitimate Microsoft site, bypassing traditional phishing defenses. This method targets users of IoT devices and smart TVs, allowing unauthorized access to their accounts. The attack leverages the device code flow, which is designed for input-constrained devices, making it particularly insidious. Security experts emphasize the need for enhanced awareness and defensive measures against such tactics. No specific CVEs or tools were mentioned in the articles, but the attack method is well-documented. The situation is ongoing, with recommendations for users to remain vigilant.

Key Points: • Phishing campaign exploits Microsoft's Device Authorization Grant for OAuth 2.0. • Attackers use legitimate Microsoft sites to trick users into entering credentials. • The method targets IoT devices and smart TVs, increasing the risk of unauthorized access.

ThreatCluster AI

Timeline

2026-07-03
Huntress article published on Device Code Phishing
The article discusses the vulnerabilities in OAuth 2.0 implementations by Microsoft and Google, focusing on Device Code Phishing.
Huntress
2026-07-06
Securelist article details ongoing phishing campaign
The article outlines how attackers exploit the Device Authorization Grant on Microsoft's site, highlighting the method's effectiveness.
Securelist

Community

Browse all →