bleeping-computer · Crawled Jul 5, 2026
ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit
AI Summary
ARToken, a phishing-as-a-service (PhaaS) platform, is linked to the EvilTokens Microsoft 365 phishing toolkit, enabling attackers to steal authentication tokens and bypass multi-factor authentication via device code phishing. The platform provides affiliates with persistent access through Primary Refresh Tokens (PRTs) and supports automated business email compromise (BEC) operations using AI. It allows for mailbox monitoring, file exfiltration from SharePoint and OneDrive, and deployment via Cloudflare Workers, indicating a sophisticated, multi-tenant attack infrastructure.