bleeping-computer · Crawled Jul 5, 2026

ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit

AI Summary

ARToken, a phishing-as-a-service (PhaaS) platform, is linked to the EvilTokens Microsoft 365 phishing toolkit, enabling attackers to steal authentication tokens and bypass multi-factor authentication via device code phishing. The platform provides affiliates with persistent access through Primary Refresh Tokens (PRTs) and supports automated business email compromise (BEC) operations using AI. It allows for mailbox monitoring, file exfiltration from SharePoint and OneDrive, and deployment via Cloudflare Workers, indicating a sophisticated, multi-tenant attack infrastructure.

AI-extracted · verify before operational use

Indicators of Compromise 2 extracted

Type    Value
Domain  artoken-panel.com
Domain  evil-tokens.com