#TDR analysts uncovered an emerging Phishing-as-a-Service (#PhaaS) platform called #EvilTokens, which offers device code phishing pages and AI-augmented features to automate and scale #BEC workflows.

Reply to #TDR analysts uncovered an emerging Phishing-as-a-Service (#PhaaS) platform called #EvilTokens, which offers device code phishing pages and AI-augmented features to automate and scale #BEC workflows. on Mon, 30 Mar 2026 15:56:27 GMT

sekoia_io@infosec.exchange — Mon, 30 Mar 2026 15:56:27 GMT

Our report offers a technical analysis of the EvilTokens kit, its delivery campaigns, and the adversary's infrastructure.

Reply to #TDR analysts uncovered an emerging Phishing-as-a-Service (#PhaaS) platform called #EvilTokens, which offers device code phishing pages and AI-augmented features to automate and scale #BEC workflows. on Mon, 30 Mar 2026 15:56:26 GMT

sekoia_io@infosec.exchange — Mon, 30 Mar 2026 15:56:26 GMT

Active since late February 2026 and rapidly adopted by cybercriminals, TDR analysts believe EvilTokens will become a serious competitor in the phishing and BEC landscape.

Reply to #TDR analysts uncovered an emerging Phishing-as-a-Service (#PhaaS) platform called #EvilTokens, which offers device code phishing pages and AI-augmented features to automate and scale #BEC workflows. on Mon, 30 Mar 2026 15:56:26 GMT

sekoia_io@infosec.exchange — Mon, 30 Mar 2026 15:56:26 GMT

EvilTokens device code phishing pages allows attackers to capture Microsoft refresh and access token, weaponise them, harvest victims' mailbox, and automatically craft BEC emails using AI.