Browser-in-the-Browser phishing campaign targets Microsoft 365 users with fake OAuth login popups
By Sinisa Markovic
Summary
Palo Alto Networks Unit 42 has identified a new Browser-in-the-Browser (BitB) phishing campaign targeting Microsoft 365 users. The attack uses fake login popups embedded within webpages that closely mimic legitimate browser authentication windows, complete with spoofed Microsoft OAuth URLs and login forms. When victims click a Microsoft sign-in button, they are presented with what appears to be a standard authentication prompt, making it difficult to distinguish from a genuine login request.
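The summary describes the pattern a defender can look for: a fake "browser window" that is just page content, painting a trusted login URL as text inside the attacker's own page and wrapping a credential form, while a genuine OAuth popup is a separate top-level window whose address bar never appears in the parent page's DOM. The following is an added example, not code from Unit 42 or Microsoft, of a heuristic scanner that flags that combination in page HTML: rendered (non-link) text containing a Microsoft login URL, served from a host that is not a Microsoft login host, together with a password field. The trusted-host list, the `.example` hostnames and the sample HTML are all constructed for the example.

```python
"""Heuristic Browser-in-the-Browser (BitB) detector for page HTML (added example)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts whose address bar a BitB window imitates; extend per environment.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


class _PageWalker(HTMLParser):
    """Collects URL-looking text rendered outside <a> elements and counts password inputs."""

    def __init__(self):
        super().__init__()
        self.anchor_depth = 0      # >0 while inside an <a>, where URL text is normal
        self.rendered_urls = []    # URLs that appear as plain page text (fake address bars)
        self.password_fields = 0

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.anchor_depth += 1
        elif tag == "input":
            if (dict(attrs).get("type") or "").lower() == "password":
                self.password_fields += 1

    def handle_endtag(self, tag):
        if tag == "a" and self.anchor_depth:
            self.anchor_depth -= 1

    def handle_data(self, data):
        if self.anchor_depth:
            return
        self.rendered_urls.extend(URL_RE.findall(data))


def scan_page(html, page_url):
    """Return indicators for one page; 'bitb_suspected' needs all three signals together."""
    walker = _PageWalker()
    walker.feed(html)
    page_host = (urlparse(page_url).hostname or "").lower()
    spoofed = [u for u in walker.rendered_urls
               if (urlparse(u).hostname or "").lower() in TRUSTED_LOGIN_HOSTS]
    suspected = (bool(spoofed)
                 and page_host not in TRUSTED_LOGIN_HOSTS
                 and walker.password_fields > 0)
    return {
        "page_host": page_host,
        "spoofed_urls": spoofed,
        "password_fields": walker.password_fields,
        "bitb_suspected": suspected,
    }


# Constructed sample: a lure page drawing a fake popup with a Microsoft OAuth URL as text.
PHISH_HTML = """
<html><body>
<h1>Shared document</h1>
<div class="bitb-window">
  <div class="titlebar">Sign in to your account - Microsoft</div>
  <div class="addressbar">https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=CONSTRUCTED</div>
  <form action="/collect" method="post">
    <input type="email" name="u"><input type="password" name="p">
  </form>
</div>
</body></html>
"""

# Constructed sample: a benign page that merely links to the Microsoft sign-in page.
BENIGN_HTML = """
<html><body>
<p>Sign in at <a href="https://login.microsoftonline.com/">https://login.microsoftonline.com/</a></p>
</body></html>
"""

if __name__ == "__main__":
    for url, html in (("https://docs-share.example/view", PHISH_HTML),
                      ("https://news.example/", BENIGN_HTML)):
        print(url, scan_page(html, url))
```

The three signals are combined deliberately: a Microsoft login URL in link text, or a password field on its own, is ordinary; it is the trusted URL painted as page text next to a credential form on a foreign origin that matches the BitB pattern. The check is a triage heuristic for proxy or sandbox pipelines, not a replacement for phishing-resistant authentication.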
Key quotes
A new Browser-in-the-Browser (BitB) phishing campaign is targeting Microsoft 365 users with fake login popups designed to closely mimic legitimate browser authentication windows, according to Palo Alto Networks Unit 42.
The attack relies on a fake browser window embedded within a webpage.
Victims who click a Microsoft sign-in button are presented with what appears to be a standard authentication prompt, complete with a spoofed Microsoft OAuth URL and a login form.