Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts

Cybercriminals are using malicious Microsoft OAuth apps disguised as Adobe and DocuSign apps to steal Microsoft 365 credentials and deliver malware. The apps request limited permissions to avoid suspicion, but once granted, they redirect users to phishing forms or malware distribution pages. Users are advised to be cautious with OAuth app permissions and verify their source and legitimacy before approving them.