Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organizations own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the users emails and files, both of which are then plundered to launch malware and phishing scams against others. These malicious apps allow attackers to bypass multi-factor authentication, because they are approved by the user after that user has already logged in.”]
Source: https://krebsonsecurity.com/2021/05/malicious-office-365-apps-are-the-ultimate-insiders/