A #SOCplatform boosted by #AI and #threatintelligence, combining #SIEM, #SOAR, #Automation in a single solution. Used by End-users, MSSP and APIs
Website: https://sekoia.io
Blog: https://blog.sekoia.io
GitHub: https://github.com/SEKOIA-IO
The EvilTokens PhaaS runs via fully featured Telegram bots and continuously enhances its phishing kit with new capabilities.
New widespread EvilTokens kit: device code phishing as-a-service - Part 1

Uncover the new sophisticated EvilTokens device code phishing as-a-service, with AI-augmented features facilitating BEC fraud

Sekoia.io Blog

Part 2 of our #EvilTokens analysis is live. TDR analysts uncovered the AI-augmented features that automate and scale #BEC workflows, marking a breakthrough in the #PhaaS ecosystem.

https://blog.sekoia.io/eviltokens-an-ai-augmented-phishing-as-a-service-for-automating-bec-fraud-part-2/

We assess that EvilTokens is the first PhaaS to offer #AI-augmented post-compromise tooling, representing a significant shift in the BEC ecosystem by making advanced, victim-tailored fraud capabilities accessible to a broad audience of financially-motivated threat actors.

TDR analysts gained access to the #EvilTokens backend JavaScript and implemented device code phishing functions and token weaponisation.

This script also includes #LLM #prompts to analyse large volumes of emails, construct BEC attack scenarios, and draft targeted #BEC emails.

Active since late February 2026 and rapidly adopted by cybercriminals, TDR analysts believe EvilTokens will become a serious competitor in the phishing and BEC landscape.
As usual, IoCs are available in our Community GitHub repository:
https://github.com/SEKOIA-IO/Community/tree/main/IOCs/eviltokens
Our report offers a technical analysis of the EvilTokens kit, its delivery campaigns, and the adversary's infrastructure.
#TDR analysts uncovered an emerging Phishing-as-a-Service (#PhaaS) platform called #EvilTokens, which offers device code phishing pages and AI-augmented features to automate and scale #BEC workflows.
⬇️
https://buff.ly/RvF5Kux
EvilTokens device code phishing pages allow attackers to capture Microsoft refresh and access tokens, weaponise them, harvest victims' mailboxes, and automatically craft BEC emails using AI.