{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreicozes37kl5h3fppbiekolgh3frd2ccuarczmea6j7a6rfbkyghcu",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mj2zhveihbr2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreifcdxrmwekzqk4y7tmkdgtvsu5a3n3e32ewpd4aek2x22sgavz6ia"
    },
    "mimeType": "image/jpeg",
    "size": 246138
  },
  "path": "/microsoft-device-code-phishing-and-fake-claude-code-ads-show-how-attackers-now-abuse-trusted-sign-in-and-install-flows/",
  "publishedAt": "2026-04-09T13:47:42.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "Microsoft device-code phishing and fake Claude Code ads show how attackers now abuse trusted sign-in and install flows",
    "VPN Central"
  ],
  "textContent": "Attackers are using two fast-growing tactics to compromise business and developer accounts. One campaign abuses Microsoft’s legitimate device code sign-in flow to steal OAuth tokens without stealing passwords, while another uses fake Claude Code install pages and malicious search ads to infect macOS users with AMOS stealer. Microsoft and multiple security researchers have published warnings […]\n\nThe post Microsoft device-code phishing and fake Claude Code ads show how attackers now abuse trusted sign-in and install flows appeared first on VPN Central.",
  "title": "Microsoft device-code phishing and fake Claude Code ads show how attackers now abuse trusted sign-in and install flows"
}