Skip to main content

Tag: eviltokens

5 articles

Office workstation with laptop and printer in background.

EvilTokens Exposes New Blind Spot in Email Security

A shocking 75.6% of consulting firms were exposed to phishing attacks in 2026, with other industries like financial services, manufacturing, and tech also falling prey to these threats. EvilTokens' ghost phishing campaign uses a sneaky Microsoft Device Code Phishing tactic to trick victims into giving hackers access to their Microsoft 365 accounts.

Analyst 207
Modern office building exterior in a business district at daytime.

ARToken Phishing Platform Exposes EvilTokens' Microsoft 365 Toolkit

Cisco Talos researchers have uncovered a sophisticated phishing platform, ARToken, that offers a Microsoft 365 toolkit and goes far beyond traditional credential-harvesting pages, exposing over 80 API endpoints. This phishing-as-a-service operation is a game-changer in the world of cyber threats.

Analyst 207
Cluttered office desk with open laptop, invoices, and scattered papers showing signs of disruption.

EvilTokens Phishing Kit Exposes Sophisticated Evasion Tactics

Microsoft VP of security research Tanmay Ganacharya revealed that 10-15 distinct EvilTokens phishing campaigns have been launching daily since March 15, 2026, showcasing the alarming speed at which device-code phishing operations have scaled. This comes as Cisco Talos incident responders uncovered a targeted phishing chain that abused a real vendor relationship using an outstanding-invoice lure.

Analyst 207
Darkened cityscape at dusk with a brightly-lit laptop on a cluttered table.

Phishing Kit Unveils Sophisticated BEC-as-a-Service Capabilities

Meet ARToken, a sophisticated phishing kit that's redefining the threat landscape with its Business Email Compromise (BEC)-as-a-Service capabilities, allowing attackers to launch highly targeted and convincing scams. This advanced platform is a game-changer, offering a complete BEC operations environment that's far more complex than your average phishing kit.

Analyst 207
Person sitting at laptop with unease, surrounded by office environment.

OAuth Grants Expose Hidden Risk Below MFA Perimeter

In just five weeks, a phishing-as-a-service platform called EvilTokens compromised over 340 Microsoft 365 organizations across five countries by exploiting a clever trick: instead of stealing passwords, it convinced users to hand over OAuth refresh tokens, granting attackers long-term access to sensitive data like mailboxes, drives, and calendars. This sneaky tactic allowed hackers to bypass traditional security measures, including multi-factor authentication.

Analyst 207