Multiple miscreants are misusing OAuth to automate financially motivated cyber crimes – such as business email compromise (BEC), phishing, and large-scale spamming campaigns – and are deploying virtual machines to illicitly mine for cryptocurrencies, according to Microsoft.
OAuth, short for Open Authorization, is an open standard for token-based access delegation, allowing applications to access resources and data hosted by other web apps. Microsoft’s identity platform uses OAuth 2.0 for handling authorization.