Sekoia.ioMar 30
#TDR analysts uncovered an emerging Phishing-as-a-Service (#PhaaS) platform called #EvilTokens, which offers device code phishing pages and AI-augmented features to automate and scale #BEC workflows.
⬇️
https://buff.ly/RvF5Kux
Show threadSekoia.ioMar 30
EvilTokens device code phishing pages allows attackers to capture Microsoft refresh and access token, weaponise them, harvest victims' mailbox, and automatically craft BEC emails using AI.
Show threadSekoia.ioMar 30
Active since late February 2026 and rapidly adopted by cybercriminals, TDR analysts believe EvilTokens will become a serious competitor in the phishing and BEC landscape.
Show threadSekoia.io
Our report offers a technical analysis of the EvilTokens kit, its delivery campaigns, and the adversary's infrastructure.
Mar 30 at 3:56pmWeb
Show threadSekoia.ioMar 30
As usual, IoCs are available in our Community GitHub repository:
https://github.com/SEKOIA-IO/Community/tree/main/IOCs/eviltokens
Community/IOCs/eviltokens at main · SEKOIA-IO/Community

Welcome to the SEKOIA.IO Community repository! . Contribute to SEKOIA-IO/Community development by creating an account on GitHub.

GitHub