MITRE ATT&CK detection coverage

← Back to main site

Home/ MITRE Matrix/ Credential Access/ T1528

T1528Steal Application Access Token

T1528 — Steal Application Access Token is a MITRE ATT&CK technique in the Credential Access tactic. Clankerusecase tracks 34 detection use cases covering it and 82 threat-intel articles citing it.

Credential Access

View on the matrix → Filter Detection Library MITRE official spec ↗

34Use cases

82Articles

0Sub-techniques

1Tactic

Use cases covering this technique (34)

OAuth consent / suspicious app grant Internal actions · alerting DSΣP [WEEKLY] Edge-service post-exploitation chain: internet-facing daemon → child shell or token redemption within 10 min of external request Internal actions · alerting DSPDD [WEEKLY] Install-Triggered Registry Publish or Git Push (Supply-Chain Worm Self-Propagation) Internal actions · alerting DSPDDCSCW [WEEKLY] npm-install spawned process performing cred-file fan-out plus IMDS reach Internal actions · alerting DSPDDCSCW [WEEKLY] OAuth Device-Code Consent Phish to Cross-IP Cloud Token Replay Internal c2 · alerting DSPDD [WEEKLY] Package install lifecycle hook spawns interpreter that reads developer credential stores Internal install · alerting DSPDDCS [WEEKLY] Package-manager install-time interpreter spawn with credential-file read and outbound egress within 120s Internal install · alerting DSPDD [WEEKLY] Supply-chain repo credential theft → outbound exfil to attacker infra Internal actions · alerting DSPDD Azure AD Device Code Authentication ESCU actions · alerting P Azure AD OAuth Application Consent Granted By User ESCU actions · alerting P Azure AD User Consent Blocked for Risky Application ESCU actions · alerting P Azure AD User Consent Denied for OAuth Application ESCU actions · alerting P O365 File Permissioned Application Consent Granted by User ESCU actions · alerting P O365 Mail Permissioned Application Consent Granted by User ESCU actions · alerting P O365 User Consent Blocked for Risky Application ESCU actions · alerting P O365 User Consent Denied for OAuth Application ESCU actions · alerting P [LLM] OAuth consent grant to unfamiliar third-party AI / SaaS app — Vercel-style trust chain attack Bespoke delivery · hunting DSΣDD [LLM] npm install-time process reads .npmrc, SSH key, or cloud-credential file Bespoke actions · alerting DSPDDCS [LLM] Meta Graph API request with access_token in URL query string (CVE-2026-48039 leak signature) Bespoke c2 · alerting DSΣPDDCS [LLM] Cloud/SSH/npm credential file access by Node or Bun during npm install Bespoke actions · hunting DSPDDCS [LLM] Cloud IMDS credential harvesting from node/bun process on CI runner Bespoke actions · alerting DSΣPDDCSCW [LLM] Cloud credential file access by node/python runtime Bespoke actions · hunting DSΣPDDCS [LLM] Kubernetes API curl/wget with ServiceAccount token from container Bespoke actions · alerting DSΣPDDCSCW [LLM] Cloud metadata service hit (IMDSv2 / ECS) from node process under node_modules Bespoke actions · alerting DSΣPDDCSCW [LLM] Shai-Hulud npm postinstall reads cloud credential files (~/.aws, ~/.ssh, ~/.kube, gcloud ADC) Bespoke install · alerting DSΣPDDCS [LLM] Non-Codex-CLI node process reading ~/.codex/auth.json (Codex OAuth credential theft) Bespoke actions · alerting DSΣPDDCS [LLM] Package-manager process harvesting cloud metadata / Vault (IMDS 169.254.169.254, ECS 169.254.170.2, Vault :8200) Bespoke actions · hunting DSPDDCS [LLM] UTA0355 device-code phishing: deviceCode auth flow with cross-IP token redemption Bespoke delivery · alerting DSPDD [LLM] Python Process Reading Multi-Cloud Credential Stores (durabletask Stealer Stage) Bespoke actions · hunting DSPDDCS [LLM] Coder CVE-2026-46354 - Agent token redemption: PKCS#7 POST followed by gitsshkey / external-auth GET Bespoke actions · alerting SPDD [LLM] Context.ai compromised Chrome extension installed on host (ID omddlmnhcofjbnbflmjginpjjblphbgk) Bespoke install · alerting DSΣPDDCS [LLM] First-time OAuth consent granting Drive/Mail read scope to non-sanctioned third-party app Bespoke delivery · hunting DSΣPDDCS [LLM] Python process contacting AWS IMDS 169.254.169.254 (litellm stealer IAM credential theft) Bespoke actions · alerting DSΣPDDCS [LLM] In-cluster Kubernetes secret enumeration with Python user-agent (litellm stealer K8s pivot) Bespoke actions · alerting DSΣPDDCS

Articles citing this technique (82)

crit Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication art-09

high Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit art-17

high Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing art-18

crit China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade art-22

crit Early Warning Signs of Supply-Chain Attacks Live in the Dark Web art-27

high Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code art-28

crit Rethinking MDR as Attackers and Defenders Embrace AI art-30

crit LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution art-32

high INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator art-33

high Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs art-36

crit ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities art-37

high New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets art-41

crit New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files art-42

crit The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm art-44

high npm v12 delivers one of the biggest security improvements in years art-46

crit [GHSA / CRITICAL] CVE-2026-48039: Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token art-47

crit Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories art-48

high AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS. art-51

crit OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack art-53

high GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks art-55

crit China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance art-59

crit Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities art-61

crit Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE art-62

crit Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs art-67

high 10 year old critical vulnerability in phpBB affecting tens of millions of users across thousands of forums art-69

crit Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows art-71

high Meta to Use Off-Site Business Data for Feed and AI Personalization art-81

crit Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues art-82

crit WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine art-86

crit Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models art-87

crit New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing art-89

high Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer art-90

crit LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE art-92

crit One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public art-100

crit Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order art-101

crit AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload art-103

crit [GHSA / CRITICAL] CVE-2026-47430: Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from art-105

crit VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances art-107

crit UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign art-108

high Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI art-114

crit [GHSA / CRITICAL] GHSA-jpvj-wpmj-h7rv: Supply chain compromise via malicious @cap-js/openapi art-123

high Reporting from Vegas: Networking, AI, and good boys art-126

crit Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign art-139

high Why EDR and proxy won’t save you from supply chain malware art-142

crit Containers on fire: from container escapes to supply chain attacks art-158

high Miasma supply chain attack: malicious code found in @redhat-cloud-services npm packages art-159

high Typosquatted npm packages used to steal cloud and CI/CD secrets art-183

high What MDM can't protect on developer machines (and what to do about it) art-186

crit Out of the Crypt: The Evolving Cyber Extortion Economy art-193

high Legitimate-Looking Codex Remote UI Secretly Steals Your AI Tokens art-194

high Why developer machines are now the number one target for supply chain attacks art-208

crit Laravel Lang Supply Chain Advisory art-211

crit [GHSA / CRITICAL] CVE-2026-46716: Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron art-213

high Megalodon: Mass GitHub Actions Secret Exfiltration Across 5,500+ Public Repositories art-215

crit Paved With Intent: ROADtools and Nation-State Tactics in the Cloud art-218

high Dev Machine Guard Now Supports Linux art-234

crit The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised art-248

crit [GHSA / CRITICAL] CVE-2026-46354: Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft art-249

high Microsoft's durabletask package on PyPi Compromised. Mini Shai Hulud attacks again... again! art-254

crit Active Supply Chain Attack: Malicious node-ipc Versions Published to npm art-269

crit Shai-Hulud Worm Pivots to Multi-Cloud: intercom-client@7.0.4 Hijacked — 361,000 Weekly Downloads, AWS, GCP, and Azure Credentials Now in Sco art-333

crit Bitwarden CLI Hijacked on npm: Bun-Staged Credential Stealer Targets Developers, GitHub Actions, and AI Tools art-335

crit lightning PyPI Compromise: A Bun-Based Credential Stealer in Python art-343

high Someone published four versions of a fake "tanstack" package in 27 minutes to steal your .env files art-346

high "A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages art-348

high Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers art-352

high It's time to treat browser extensions like supply chain attack vectors art-354

high hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far art-403

crit Cline Supply Chain Attack Detected: cline@2.3.0 Silently Installs OpenClaw art-404

crit litellm: Credential Stealer Hidden in PyPI Wheel art-423

crit Securing the Agent Skills Registry: How Snyk and Tessl Are Setting the Standard art-465

high The Future of AI Agent Security Is Guardrails art-547

crit How a Malicious Google Skill on ClawHub Tricks Users Into Installing Malware art-564

high G_Wagon: npm Package Deploys Python Stealer Targeting 100+ Crypto Wallets art-604

high ServiceNow's Virtual Agent Vulnerability Shows Why AI Security Needs Traditional AppSec Foundations art-624

crit LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan art-642

crit Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages art-690

crit s1ngularity: Popular Nx Build System Package Compromised with Data-Stealing Malware art-778

high Zero-day Extensive NPM Package Compromise - Shai Hulud Supply Chain Attack art-789

med Common SAML vulnerabilities and how to remediate them art-1307

high Snyk Apps now GA: An easy, standardized, and secure framework for building custom integrations art-1332

med Control your role! Kubernetes RBAC explored art-1411