EvilTokens device-code phishing kit totally more evil than we all thought

https://image.theregister.com/5265456.jpg?imageId=5265456&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683

It's a 'complete BEC operations environment,' Talos researcher says

EvilTokens, the device-code phishing kit that can allow criminals to bypass multi-factor authentication (MFA) and silently authenticate as the victim to the organization's Microsoft 365 applications, appears to be even more insidious than we all thought.

Cisco Talos incident responders on Wednesday described how the lure reaches a victim's inbox, and revealed new capabilities alongside a “more sophisticated evasion approach” than documented in earlier EvilTokens research.

Talos uncovered a phishing-as-a-service (PhaaS) operator panel, branded “ARToken,” that appears to be an EvilTokens customer, according to security research engineer Michael Kelley, who noted the phishing operation shares infrastructure, API contracts, and operational patterns with the EvilTokens platform.

EvilTokens was first documented by French cybersecurity firm Sekoia in March, and in April Microsoft said the device-code phishing campaign was compromising hundreds of organizations daily.

"Since March 15, 2026, we have observed 10 to 15...

Copyright of this story solely belongs to theregister.com. To see the full text click HERE

Read more

https://cdn.mos.cms.futurecdn.net/A4ttwH2KggFYfTn2mWjS79-1024-80.jpg

Quote of the day by former Apple design chief Jony Ive: 'True simplicity is derived from so much more than just the absence of clutter and ornamentation' — laying the foundation for a timeless design philosophy

There's no understating the influence of Jony Ive – the man responsible for designing so many iconic Apple products – in changing the way that manufacturers approached consumer and business electronics. Modern design Ive, Apple's former chief design officer, first publicized this way of thinking during the introduction