THREATNOIR
Subscribe
Back to Feed
MalwareMay 8, 2026

We observed a phishing campaign pivot to evade static analysis, shifting from credential theft to...

Phishing campaign pivots to OAuth device code attacks using runtime-fetched landing pages.

Read at source

Summary

Researchers observed a phishing campaign evolving its tactics to evade static analysis by shifting from credential theft to OAuth device code phishing. The attackers replaced hardcoded URLs with dynamically fetched landing pages and used blob URLs for generated images to bypass detection mechanisms.

Entities

OAuth Device Code Phishing Campaign (campaign)OAuth Device Code Flow (technology)