A worrying new warning has been issued by Microsoft after the discovery of a vicious new bug that can give cyber criminals full access to email accounts, personal calendars and even contacts lists. The threat, which was first discovered by Twitter user @ffforward, uses a fake app named “Upgrade” that, once installed on a PC, is able to set about stealing authentication tokens in Office 365.
If a victim is tricked and agrees to the full permissions asked for during the installation process it allows cyber crooks to gain complete access to their accounts. This means thieves can route through emails, look at calendars and even send messages to other personal contacts in a bid to spread the bug further.
Microsoft is clearly concerned about the threat with the firm’s Security Intelligence service confirming that they are currently tracking the scam.
In a post on Twitter the Redmond company said: “Microsoft is tracking a recent consent phishing campaign, reported by @ffforward, that abuses OAuth request links to trick users into granting consent to an app named ‘Upgrade’.
“The phishing…
