incident, high, Consent Phishing, OAuth Abuse

Feb 18, 2026 • Wiz Security Research

Would You Click ‘Accept’? Automatically detecting malicious Azure OAuth applications using LLMs

Source: Wiz Security Research
Category: incident
Severity: high

Executive Summary

Wiz Research has developed an automated methodology using Large Language Models (LLMs) to identify malicious Azure OAuth applications involved in consent phishing campaigns. These campaigns trick users into granting excessive permissions to attacker-controlled applications, potentially leading to unauthorized access to cloud resources and data exfiltration. The severity of OAuth consent phishing is high, as it bypasses traditional authentication controls like MFA. While no specific threat actors or malware families are identified in this summary, the technique represents a significant risk to cloud environments relying on Microsoft Azure. Organizations should implement strict consent policies, monitor OAuth app registrations, and utilize automated detection tools to mitigate this threat. Continuous monitoring and user awareness training regarding application permission requests are essential defenses against these emerging social engineering tactics targeting cloud infrastructure identities.

Summary

How Wiz Research automates detection of emerging malicious Azure app and consent phishing campaigns.
