Inside an AI-enabled device code phishing campaign

Microsoft Defender Security Research has observed a widespread phishing campaign leveraging the Device Code Authentication flow to compromise organizational accounts at scale. While traditional device code attacks are typically narrow in scope, this campaign demonstrated a higher success rate, driven by automation and dynamic code generation that circumvented the standard 15-minute expiration window for device codes. This activity aligns with the emergence of EvilToken, a Phishing-as-a-Service (PhaaS) toolkit identified as a key driver of large-scale device code abuse.
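A defender-side triage sketch for the activity described above, added here as an example and not part of the original pulse or Microsoft's research: it scans sign-in records for successful device code authentications, lists accounts that never used the flow during a baseline period, and flags bursts of distinct accounts completing it within a 15-minute span. The record layout, field names, the `deviceCode` protocol value, the baseline set and the thresholds are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records. Field names and values are assumptions modelled
# on a generic identity-provider sign-in log export, not data from the pulse.
SAMPLE_EVENTS = [
    {"time": "2026-04-06T08:00:00", "user": "kiosk-svc@example.com", "protocol": "deviceCode", "result": "success"},
    {"time": "2026-04-06T09:01:00", "user": "alice@example.com", "protocol": "deviceCode", "result": "success"},
    {"time": "2026-04-06T09:04:00", "user": "bob@example.com", "protocol": "deviceCode", "result": "success"},
    {"time": "2026-04-06T09:05:00", "user": "carol@example.com", "protocol": "password", "result": "success"},
    {"time": "2026-04-06T09:09:00", "user": "dave@example.com", "protocol": "deviceCode", "result": "failure"},
    {"time": "2026-04-06T09:12:00", "user": "erin@example.com", "protocol": "deviceCode", "result": "success"},
    {"time": "2026-04-06T11:30:00", "user": "frank@example.com", "protocol": "deviceCode", "result": "success"},
]

# Accounts known to use the flow legitimately (hypothetical baseline).
BASELINE_USERS = {"kiosk-svc@example.com"}

# Burst window; set to the device code lifetime cited in the text (assumption).
WINDOW = timedelta(minutes=15)


def device_code_successes(events):
    """Return successful device code sign-ins, oldest first, with parsed times."""
    hits = [
        dict(e, time=datetime.fromisoformat(e["time"]))
        for e in events
        if e["protocol"] == "deviceCode" and e["result"] == "success"
    ]
    return sorted(hits, key=lambda e: e["time"])


def first_time_users(events, baseline_users):
    """Accounts that completed the flow but never used it in the baseline."""
    seen = {e["user"] for e in device_code_successes(events)}
    return sorted(seen - set(baseline_users))


def bursts(events, min_users=3, window=WINDOW):
    """Sliding window: spans in which >= min_users distinct accounts completed the flow."""
    hits = device_code_successes(events)
    found, start = [], 0
    for end in range(len(hits)):
        # Advance the left edge until the span fits inside the window.
        while hits[end]["time"] - hits[start]["time"] > window:
            start += 1
        users = sorted({h["user"] for h in hits[start:end + 1]})
        if len(users) >= min_users:
            found.append((hits[start]["time"], hits[end]["time"], users))
    return found
```

Accounts returned by both functions are the ones to review first, for example by checking which application and device received the resulting tokens.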

Pulse ID: 69d4175ab0f5278eae91f1cf
Pulse Link: https://otx.alienvault.com/pulse/69d4175ab0f5278eae91f1cf
Pulse Author: AlienVault
Created: 2026-04-06 20:28:10

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #Phishing #RAT #bot #AlienVault
