#TDR analysts uncovered an emerging Phishing-as-a-Service (#PhaaS) platform called #EvilTokens, which offers device code phishing pages and AI-augmented features to automate and scale #BEC workflows.
-
#TDR analysts uncovered an emerging Phishing-as-a-Service (#PhaaS) platform called #EvilTokens, which offers device code phishing pages and AI-augmented features to automate and scale #BEC workflows.
️
https://buff.ly/RvF5Kux -
#TDR analysts uncovered an emerging Phishing-as-a-Service (#PhaaS) platform called #EvilTokens, which offers device code phishing pages and AI-augmented features to automate and scale #BEC workflows.
️
https://buff.ly/RvF5KuxEvilTokens device code phishing pages allows attackers to capture Microsoft refresh and access token, weaponise them, harvest victims' mailbox, and automatically craft BEC emails using AI.
-
EvilTokens device code phishing pages allows attackers to capture Microsoft refresh and access token, weaponise them, harvest victims' mailbox, and automatically craft BEC emails using AI.
Active since late February 2026 and rapidly adopted by cybercriminals, TDR analysts believe EvilTokens will become a serious competitor in the phishing and BEC landscape.
-
Active since late February 2026 and rapidly adopted by cybercriminals, TDR analysts believe EvilTokens will become a serious competitor in the phishing and BEC landscape.
Our report offers a technical analysis of the EvilTokens kit, its delivery campaigns, and the adversary's infrastructure.
