Part 2 of our #EvilTokens analysis is live. TDR analysts uncovered the AI-augmented features that automate and scale #BEC workflows, marking a breakthrough in the #PhaaS ecosystem.

https://blog.sekoia.io/eviltokens-an-ai-augmented-phishing-as-a-service-for-automating-bec-fraud-part-2/

The EvilTokens PhaaS runs via fully featured Telegram bots and continuously enhances its phishing kit with new capabilities.

TDR analysts gained access to the #EvilTokens backend JavaScript and implemented device code phishing functions and token weaponisation.

This script also includes #LLM #prompts to analyse large volumes of emails, construct BEC attack scenarios, and draft targeted #BEC emails.

We assess that EvilTokens is the first PhaaS to offer #AI-augmented post-compromise tooling, representing a significant shift in the BEC ecosystem by making advanced, victim-tailored fraud capabilities accessible to a broad audience of financially-motivated threat actors.

New widespread EvilTokens kit: device code phishing as-a-service - Part 1

Uncover the new sophisticated EvilTokens device code phishing as-a-service, with AI-augmented features facilitating BEC fraud

Sekoia.io Blog